Alert: Vulnerabilities found in TCL Android TVs

TCL was recently notified by an independent security researcher of two vulnerabilities in Android TV models. Once TCL received notification, the company quickly took steps to investigate, thoroughly test, develop patches, and implement a plan to send updates to resolve the matter. Updating devices and applications to enhance security is a regular occurrence in the technology industry, and these updates are currently being distributed to all affected Android TV models.  

TCL takes privacy and security very seriously, and particularly appreciates the vital role that independent researchers play in the technology ecosystem. We wish to thank the security researchers for bringing this matter to our attention as we work to advance the user experience. We are committed to bringing consumers secure and robust products, and we’re confident that we’re putting in place effective solutions for these devices.


FAQ

Who discovered these vulnerabilities
The discovery was made by two industry researchers @sickcodes and @johnjhacking.

Do these vulnerabilities apply to models sold in the USA or Canada?
CVE-2020-27403 is not an issue in product deployed in North America.  However, select televisions sold in the USA and Canada were affected by CVE-2020-28055; the updated television software versions listed below solve this.  

TV Models
Software Version
32S330 / 40S330 V8-R851T10-LF1V091
43S434, 50S434, 55S434, 65S434, and 75S434
V8-R851T02-LF1V440

To ensure your set has the latest firmware, click the section below to view the instructions on how to view the software on your TCL Android TV.


When was TCL made aware of these vulnerabilities?
The TCL lab was made aware of the discovery at 11:30am on October 27.  Within hours, the issues had been verified and the security compliance team triggered the vulnerability management response process.  The solution for CVE-2020-27403 began deployment on October 30 via APK upgrade. Updated firmware is being distributed to address CVE-2020-28055.  To ensure your set has the latest firmware, click the section below to view the instructions on how to view the software on your TCL Android TV.


How to check the software version of your TCL Android TV

  1. Press the Home button on the TCL Android TV remote control to display the Home screen.
  2. Use the navigation button to move the cursor to the Settings icon, located on the right top of the screen, then press OK
  3. Scroll and select Device Preferences
  4. Scroll and select  About 
  5. This will display the Product Information screen where you will see the software version as shown below.

If necessary, follow the step-by-step instruction on how to update the software on your TCL Android TV:

  1. Press the Home button on the TCL Android TV remote control to display the Home screen.
  2. Use the navigation button to move the cursor to the Settings icon, located on the right top of the screen, then press OK
  3. Scroll and select More Settings
  4. Scroll and select Device Preferences
  5. Scroll and select About 
  6. Scroll and select System Update 
  7. The Software Update pop-up box will display, select Network Update
  8. The TV will search for an available software update, once prompted, click OK to confirm.
 



Was this article helpful?

Can’t find what you’re looking for?

The TCL Support Team is here to help.

Contact Us
x

How can we improve the content?