A essential vulnerability has been found in LG’s WebOS for sensible TVs, permitting an attacker on the identical native community to bypass authentication mechanisms and obtain full management over the system.
The flaw, which impacts fashions just like the LG WebOS 43UT8050, allows unauthenticated attackers to realize root entry, set up malicious functions, and utterly compromise the tv. The vulnerability was disclosed throughout the TyphoonPWN 2025 hacking competitors, the place it secured first place.
The assault chain begins with a flaw within the browser-service working on the TV. This service prompts on port 18888 when a USB storage system is related. It exposes an API endpoint, /getFile, meant to permit peer gadgets to obtain recordsdata from particular directories.
path traversal
Based on SSD-Disclosure, the vulnerability is because of an absence of correct enter validation on the trail parameter, the service is weak to path traversal. This permits an attacker to request and obtain any file from the TV’s filesystem without having to authenticate.
By exploiting this path traversal flaw, an attacker can entry delicate system recordsdata. The first goal is the database file situated at /var/db/primary/, which accommodates authentication keys for purchasers which have beforehand paired with the TV’s secondscreen.gateway service.
Armed with these keys, the attacker can impersonate a legit shopper and hook up with the secondscreen service, bypassing all authentication checks. This grants them high-privilege entry to the TV’s core capabilities.
From Vulnerability to Gadget Takeover
As soon as authenticated to the secondscreen service, the attacker has the privileges wanted to allow developer mode on the system. From there, they’ll use developer instruments to put in any software, together with malware designed to spy on the consumer, steal information, or use the TV as a bot in a bigger community of compromised gadgets.
The proof-of-concept demonstrates how an attacker can leverage this entry to execute arbitrary instructions, successfully gaining root management and taking up the tv.
The whole course of might be automated with a easy script, permitting for speedy exploitation as soon as preliminary entry to the native community is gained.
In response to the disclosure, LG has launched the safety advisory SMR-SEP-2025 and urges customers to make sure their gadgets are up to date with the most recent firmware to mitigate the menace.
Free dwell webinar on new malware ways from our analysts! Study superior detection methods -> Register for Free
