Disclosed during the TyphoonPWN 2025 LG Category competition, where it won first place, this vulnerability affects models such as the LG WebOS 43UT8050 and likely extends to other WebOS versions.
The weakness transforms a benign file-sharing feature into a full compromise vector, posing a severe risk to users who connect USB devices or operate these smart TVs in shared network environments.
At the heart of the issue is the browser-service daemon that automatically listens on TCP port 18888 when a USB storage device is attached.
This service exposes an HTTP API endpoint (/getFile?path=) intended to let peer devices download files from two approved directories, /tmp/usb and /tmp/home.office.documentviewer.
The implementation fails to properly sanitize the path parameter, enabling a classic path traversal attack. By injecting sequences such as ../, an attacker can navigate outside of the intended directories and retrieve arbitrary files anywhere on the filesystem without any authentication.
This lack of validation effectively turns the TV's file-sharing interface into a backdoor. An attacker needs only network access, either via the local network or through a malicious USB device, to issue crafted HTTP requests and exfiltrate sensitive files.
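As an added illustration, not code from the advisory or from LG's firmware, the following Python contrasts a prefix-only check of the kind that lets ../ sequences through with a containment check that canonicalises the path parameter before comparing it against the two approved directories. The function names and the sample parameter values are constructed for this example; it assumes the raw, still percent-encoded value of the path parameter is passed in.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# The two directories the /getFile endpoint is meant to serve from.
ALLOWED_ROOTS = ("/tmp/usb", "/tmp/home.office.documentviewer")


def naive_check(path_param: str) -> bool:
    """Prefix-only check: accepts any string that begins with an allowed root.

    A value such as '/tmp/usb/../../var/db/main/' passes this test even though
    it resolves to a directory outside the root, which is the defect class the
    article describes.
    """
    return any(path_param.startswith(root + "/") for root in ALLOWED_ROOTS)


def safe_resolve(path_param: str, roots=ALLOWED_ROOTS) -> Optional[str]:
    """Return the canonical path if it lies inside one of `roots`, else None.

    1. Percent-decode exactly once so encoded dot segments (%2e%2e) are seen.
       A double-encoded '%252e' becomes the literal segment '%2e', which the
       filesystem treats as an ordinary file name, so it is not special-cased.
    2. Reject NUL bytes (they truncate C strings) and relative paths.
    3. Collapse '.' and '..' lexically with posixpath.normpath.
    4. Require the result to be a root itself or strictly beneath one.
    Symlinks are a separate concern: a real server would additionally apply
    os.path.realpath() to the result and repeat the containment check.
    """
    decoded = unquote(path_param)
    if "\x00" in decoded or not decoded.startswith("/"):
        return None
    normalised = posixpath.normpath(decoded)
    for root in roots:
        if normalised == root or normalised.startswith(root + "/"):
            return normalised
    return None


if __name__ == "__main__":
    # Constructed sample values: one legitimate request, one traversal attempt.
    for value in ("/tmp/usb/docs/../movie.mp4", "/tmp/usb/../../var/db/main/"):
        print(f"{value!r}: naive={naive_check(value)} safe={safe_resolve(value)}")
```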
One particularly dangerous target for file retrieval is the database at /var/db/main/, which houses the authentication keys for peer clients that previously connected to the TV.
Once these keys are harvested, adversaries can impersonate legitimate devices to the secondscreen.gateway service.
With valid credentials in hand, the attacker can enable developer mode on the TV, install unsigned or malicious applications, and execute commands at the highest privilege level.
This full-device takeover capability allows for persistent malware installation, network traffic interception, and even using the TV as a pivot point for lateral movement within the user’s network.
Attackers could monitor viewing habits, compromise other devices on the same network segment, or deploy spyware that operates undetected.
LG has acknowledged the flaw and published security advisory SMR-SEP-2025 on its official security bulletin portal.
A firmware update addressing this path traversal vulnerability has been released for the 43UT8050 and will be rolled out to other affected WebOS versions in the coming weeks.
Users are strongly advised to check for and install the latest firmware immediately.
Until updated firmware is applied, users should refrain from connecting untrusted USB devices and isolate smart TVs on a segmented network, separate from sensitive resources.
Implementing network access controls or VLANs can limit an attacker’s ability to reach the TV’s management ports.
LG also recommends disabling developer mode and second-screen services if they are not in active use.
The proof-of-concept exploit, which leverages Docker containers and custom Python scripts, demonstrates how accessible and practical this attack can be for both researchers and threat actors.
As smart TVs become more deeply integrated into home and enterprise environments, timely patch management and network hygiene are essential to thwarting similar attacks.
The post LG webOS TV Vulnerability Allows Authentication Bypass and Full Device Takeover appeared first on Cyber Security News.