A critical vulnerability has been uncovered in LG's WebOS for smart TVs that allows attackers on the same local network to bypass authentication and take complete control of affected sets, including models such as the LG WebOS 43UT8050.
The flaw was disclosed publicly by SSD Secure Disclosure after it won first place in TyphoonPWN's LG category competition for its severity and impact. Technical details of the vulnerability were also published to show how a simple path-traversal bug leads to a complete device takeover.
How The Attack Works
The issue begins with the browser service on WebOS TV, a process that opens a special "door" (port 18888) whenever a USB storage device is attached to the TV. This service exposes an HTTP endpoint, /getFile?path=…, meant to let peer devices download files from limited directories (for example, /tmp/usb).
The flaw: the TV fails to validate the path parameter, enabling attackers to climb the directory tree and download any file from the TV's system without logging in.
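The missing check is path confinement: resolve the requested path, then confirm it still sits inside the shared directory. The sketch below is an added example, not LG's code or code from the disclosure; the function names, the temporary directory tree and the sample requests are all constructed for illustration, and a POSIX filesystem is assumed.

```python
import os
import tempfile


class PathRejected(Exception):
    """Raised when a requested path falls outside the shared directory."""


def naive_resolve(base, requested):
    # Unvalidated pattern: ".." segments and absolute paths walk out of base.
    return os.path.normpath(os.path.join(base, requested))


def safe_resolve(base, requested):
    if "\x00" in requested:
        raise PathRejected("NUL byte in path")
    base_real = os.path.realpath(base)
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base_real, requested))
    # commonpath compares whole components, so a sibling such as
    # "<base>_backup" does not pass the way a string-prefix test would.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PathRejected("outside shared directory: " + requested)
    if not os.path.isfile(candidate):
        raise PathRejected("not a regular file: " + requested)
    return candidate


def build_constructed_tree():
    # Constructed sample layout (not the TV's real filesystem).
    root = tempfile.mkdtemp()
    for rel in ("usb/movie.mp4", "usb_backup/notes.txt", "secret/keys.db"):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("constructed sample\n")
    # A symlink inside the share that points outside it (POSIX assumed).
    os.symlink(os.path.join(root, "secret"), os.path.join(root, "usb", "link"))
    return root, os.path.join(root, "usb")


if __name__ == "__main__":
    root, base = build_constructed_tree()
    requests = ["movie.mp4", "../secret/keys.db", "link/keys.db",
                "../usb_backup/notes.txt", os.path.join(root, "secret/keys.db")]
    for req in requests:
        try:
            print("served  ", safe_resolve(base, req))
        except PathRejected as exc:
            print("rejected", exc)
```

Only the first request is served; the other four resolve outside the shared directory and are rejected before any file is opened.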
Stealing The TV's Credentials
One particularly sensitive file sits at /var/db/main/. This database contains authentication keys for devices previously paired with the TV's secondscreen.gateway service. By stealing these keys, attackers can impersonate a legitimate client and connect to the secondscreen service.
Once inside, they gain high-level access, enabling developer mode, installing apps, or running commands with high privileges, effectively giving them root access and persistent control. The exploit chain was demonstrated with proof-of-concept code that uses Docker and small scripts to automate the steps.
From Flaw To Full Takeover
With developer mode enabled, an attacker can turn a compromised TV into a spying tool or a network backdoor, use it as a pivot point to attack other devices, enlist it in a botnet, or keep it persistently infected with malware.
Security researchers showed that the entire process can be automated with a simple script in just minutes, making it fast and practical for attackers once they gain network access.
LG's Response
Following disclosure, LG has acknowledged the issue and released advisory SMR-SEP-2025 on its product security site, urging users to update their TVs immediately via firmware patches.
What Users Should Do
Until patches are applied to the TV, security experts recommend:
- Update firmware immediately (check LG's official advisory).
- Avoid connecting to untrusted USB drives.
- Keep TVs on a separate Wi-Fi or IoT VLAN network, away from laptops and critical devices.
- Disable developer or second-screen services if they are not in use.
Why It Matters
This vulnerability is a sharp reminder that your smart TV isn't just a TV anymore: it's a computer on your network, and it can become a serious security risk when input validation and basic controls are weak. As more and more homes fill up with connected devices, keeping them updated and isolated is no longer optional; it is essential.