CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

No Patch for Flaw Exposing Hundreds of LG Cameras to Remote Hacking

LG Innotek LNV5110R security cameras are affected by a vulnerability that can be exploited for unauthenticated remote code execution. The post No Patch for Flaw Exposing Hundreds of LG Cameras to Remote Hacking appeared first on SecurityWeek.

Camera feeds exposed to hackers

Hundreds of LG security cameras are vulnerable to remote hacking due to a recently discovered flaw and they will not receive a patch.

The cybersecurity agency CISA revealed on Thursday that LG Innotek LNV5110R cameras are affected by an authentication bypass vulnerability that can allow an attacker to gain administrative access to the device.

The flaw, tracked as CVE-2025-7742 and assigned a ‘high severity’ rating, can allow an attacker to upload an HTTP POST request to the device’s non-volatile storage, which can result in remote code execution with elevated privileges, according to CISA.

LG Innotek has been notified, but said the vulnerability cannot be patched as the product has reached end of life.

Souvik Kandar, the MicroSec researcher credited by CISA for reporting the vulnerability, told SecurityWeek there are roughly 1,300 cameras that are exposed to the internet and which can be remotely hacked.

The researcher said an attacker could exploit the vulnerability to gain access to live streams, disrupt the camera, and for other malicious activities. 

“This is a full unauthenticated remote code execution vulnerability,” Kandar explained. “An attacker can upload a reverse shell without any login, gain administrative privileges, execute arbitrary Linux commands, and use the device as a launching pad to pivot into internal networks.”

CISA said the impacted product is used worldwide, including in the commercial facilities critical infrastructure sector. 

SecurityWeek has reached out to LG Innotek for comment and will update this article if the company responds. 

Kandar said he reported 50 vulnerabilities this year, including in smart weather systems, seismic sensors, marine systems, routers, and OT devices, including AutomationDirect, Instantel and Lantronix products designed for industrial environments. 

Learn More at SecurityWeek’s ICS Cybersecurity Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
ICS Cybersecurity Conference
October 27-30, 2025 | Atlanta
www.icscybersecurityconference.com

Related: 40,000 Security Cameras Exposed to Remote Hacking

Related: Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras

Related: Unpatched Edimax Camera Flaw Exploited Since at Least May 2024

Latest News

CYBERNEWSMEDIAPublisher