Critical LG Camera Flaw Exposes 1,300 Devices to Remote Takeover
A critical security vulnerability, tracked as CVE-2025-7742, has been discovered in end-of-life LG LNV5110R cameras. The flaw allows attackers to gain admin access and remotely execute code with elevated privileges. Researchers have warned that these devices, deployed globally, are at risk, with around 1,300 vulnerable cameras exposed online.
The vulnerability was recently reported to the Cybersecurity and Infrastructure Security Agency (CISA) by researcher Souvik Kandar. It enables an attacker to upload an HTTP POST request, leading to remote code execution and unauthorized access with admin privileges. This allows hackers to take over the cameras and potentially pivot into connected networks.
LG Innotek, the manufacturer, is aware of the issue but has stated that they will not provide a patch. The cameras are end-of-life products, and official support has ended. Users are advised to disconnect these devices from their networks immediately and replace them with supported alternatives to minimize security risks. The vulnerability has been given a CVSS score of 8.3, indicating its high severity.
Approximately 1,300 LG LNV5110R cameras are estimated to be exposed online and vulnerable to this authentication bypass flaw. Given the global deployment, including within critical infrastructure sectors, the potential impact is significant. Users are urged to take immediate action to secure their networks by disconnecting affected cameras and seeking supported alternatives.
