Critical security vulnerability in LG surveillance cameras puts corporate networks at risk

July 26, 2025

Gateway for attackers: Over 1,300 LG cameras worldwide vulnerable

A serious security vulnerability is currently threatening numerous commercial networks worldwide. According to the US Cybersecurity and Infrastructure Security Agency (CISA), over 1,300 internet-connected LG Innotek LND5110R surveillance cameras are affected. The vulnerability, tracked as CVE-2025-7742, allows attackers to gain full administrative access to the devices without authentication.

Technical details: Authentication bypass allows code execution

The vulnerability is an authentication bypass that makes it possible to execute arbitrary code with root privileges on the device without valid login credentials. The only requirement is that the attacker can reach the camera directly over the Internet – which, according to Internet scans, is the case for over 1,300 devices.

Security researcher Souvik Kandar, who discovered the vulnerability, demonstrated how a reverse shell can be installed on the devices. This allows an attacker to gain complete system control, execute arbitrary Linux commands and potentially use the camera as a springboard for further attacks on internal networks.

No help from the manufacturer: LG Innotek declares product obsolete

The manufacturer’s attitude is particularly alarming: LG Innotek confirmed to CISA that the LND5110R model has reached end-of-life status. This means that no security updates are planned, leaving affected devices permanently vulnerable – a huge risk, especially for security-critical applications.

CISA recommendations: Urgent action required

Given the severity of the security vulnerability and the lack of manufacturer support, CISA urges companies to take immediate countermeasures:

  • Removal from the public network: Cameras should no longer be directly accessible via the Internet.
  • Use of VPNs: If remote access is absolutely necessary, it should only be done via a securely configured virtual private network (VPN).
  • Network segmentation and monitoring: Devices should be operated in separate network segments and their data traffic should be actively monitored.
  • Replacement of outdated hardware: Replacing the affected devices with modern, supported models should be a medium-term priority.
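
The segmentation and monitoring recommendation can be checked against flow logs from the camera segment. The following Python sketch is an added example, not part of the original article or of CISA's advisory; the subnets, the NVR and NTP addresses and the log format are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumed layout (not from the article): cameras sit in their own segment,
# only the NVR may contact them, and they may only initiate NTP to one server.
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_INBOUND = {ipaddress.ip_address("10.20.40.5")}         # NVR
ALLOWED_EGRESS = {(ipaddress.ip_address("10.20.40.10"), 123)}  # NTP server

# Constructed flow records: "timestamp initiator responder responder_port"
SAMPLE_FLOWS = """\
2025-07-26T10:00:01Z 10.20.40.5 10.20.30.11 554
2025-07-26T10:00:07Z 10.20.30.11 10.20.40.10 123
2025-07-26T10:03:19Z 198.51.100.23 10.20.30.12 80
2025-07-26T10:03:25Z 10.20.30.12 198.51.100.23 8443
2025-07-26T10:04:02Z 10.20.30.12 10.1.0.15 22
malformed line
"""


def audit_flows(text):
    """Return (timestamp, camera_ip, finding) for each policy violation."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed records
        ts, src_s, dst_s, port_s = parts
        try:
            src = ipaddress.ip_address(src_s)
            dst = ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:
            continue  # unparsable address or port
        if src in CAMERA_NET and (dst, port) not in ALLOWED_EGRESS:
            # A camera opening connections itself is what a reverse shell
            # or a pivot into the internal network would look like.
            scope = "internal" if dst in INTERNAL_NET else "internet"
            findings.append((ts, src_s, f"camera-initiated-to-{scope}"))
        elif dst in CAMERA_NET and src not in ALLOWED_INBOUND:
            # Anything other than the NVR reaching a camera breaks segmentation.
            scope = "internal" if src in INTERNAL_NET else "internet"
            findings.append((ts, dst_s, f"unapproved-inbound-from-{scope}"))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(*finding)
```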

Conclusion: Companies bear the responsibility

Since LG Innotek does not provide patches, the responsibility for mitigating this vulnerability lies solely with the operators of the camera systems. A compromise of these systems can have serious consequences, especially for companies operating in critical infrastructures, ranging from data breaches to the disruption of business operations.

The vulnerability once again highlights the importance of proactive asset management and the need to regularly check outdated IoT hardware for security risks and replace it in good time.

Sources

  • Cybersecurity and Infrastructure Security Agency (CISA)
  • Souvik Kandar (security researcher)
