No Patch for Flaw Exposing Hundreds of LG Cameras to Remote Hacking

No Patch for Flaw Exposing Hundreds of LG Cameras to Remote Hacking

Posted on By CWS

Lots of of LG safety cameras are weak to distant hacking resulting from a not too long ago found flaw and they won’t obtain a patch.

The cybersecurity company CISA revealed on Thursday that LG Innotek LNV5110R cameras are affected by an authentication bypass vulnerability that may enable an attacker to realize administrative entry to the machine.

The flaw, tracked as CVE-2025-7742 and assigned a ‘excessive severity’ ranking, can enable an attacker to add an HTTP POST request to the machine’s non-volatile storage, which can lead to distant code execution with elevated privileges, based on CISA.

LG Innotek has been notified, however stated the vulnerability can’t be patched because the product has reached finish of life.

Souvik Kandar, the MicroSec researcher credited by CISA for reporting the vulnerability, instructed SecurityWeek there are roughly 1,300 cameras which can be uncovered to the web and which may be remotely hacked.

The researcher stated an attacker might exploit the vulnerability to realize entry to reside streams, disrupt the digicam, and for different malicious actions. 

“It is a full unauthenticated distant code execution vulnerability,” Kandar defined. “An attacker can add a reverse shell with none login, acquire administrative privileges, execute arbitrary Linux instructions, and use the machine as a launching pad to pivot into inside networks.”

CISA stated the impacted product is used worldwide, together with within the industrial services essential infrastructure sector. Commercial. Scroll to proceed studying.

SecurityWeek has reached out to LG Innotek for remark and can replace this text if the corporate responds. 

Kandar stated he reported 50 vulnerabilities this 12 months, together with in good climate techniques, seismic sensors, marine techniques, routers, and OT gadgets, together with AutomationDirect, Instantel and Lantronix merchandise designed for industrial environments. 

Associated: 40,000 Safety Cameras Uncovered to Distant Hacking

Associated: Vulnerabilities Permit Distant Hacking of Inaba Plant Monitoring Cameras

Associated: Unpatched Edimax Digital camera Flaw Exploited Since at Least Could 2024

Security Week News Tags:, , , , , ,

Related Posts

CISA Analyzes Malware From Ivanti EPMM Intrusions CISA Analyzes Malware From Ivanti EPMM Intrusions Security Week News
PromptLock Only PoC, but AI-Powered Ransomware Is Real PromptLock Only PoC, but AI-Powered Ransomware Is Real Security Week News
Keycard Emerges From Stealth Mode With Million in Funding Keycard Emerges From Stealth Mode With $38 Million in Funding Security Week News
Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure Exploit for VMware Zero-Day Flaws Likely Built a Year Before Public Disclosure Security Week News
Hackers Win 0,000 on First Day of Pwn2Own Berlin 2025 Hackers Win $260,000 on First Day of Pwn2Own Berlin 2025 Security Week News
Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment Security Week News