CVE-2022-23731

HIGH

LG webOS >=4.0 - Privilege Escalation via V8 Heap Vulnerability

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-23731. PoCs published by DavidBuchanan314.

AI-analyzed exploit summary: This repository contains a working exploit chain for CVE-2022-23731, targeting WebOS 4.x on 32-bit SoCs to achieve local privilege escalation (LPE) to root. The exploit leverages memory corruption and type confusion in the JavaScript engine to gain arbitrary read/write primitives and execute shellcode.

Description

V8 JavaScript engine (heap vulnerability) can cause privilege escalation, which can impact some webOS TV models.

Exploits (1)

nomisec · WORKING POC · 49 stars
by DavidBuchanan314 · poc
https://github.com/DavidBuchanan314/WAMpage

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: WebOS 4.x (32-bit)
No auth needed
Prerequisites: Access to a WebOS 4.x device with a 32-bit SoC · Ability to install the exploit as an app or run it in a devmode shell
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Vendor Advisory x_refsource_misc
https://lgsecurity.lge.com/bulletins/tv

Scores

CVSS v3: 7.8
EPSS: 0.0062
EPSS Percentile: 45.0%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-264
Status: published
Products (1): lg/webos 4.0
Published: Mar 11, 2022
Tracked Since: Feb 18, 2026