Over 1,300 Vulnerable Cameras Exposed Online, Including LG LNV5110R Models
Over 1,300 vulnerable cameras, including hundreds of LG LNV5110R models, have been exposed online. This exposure allows potential attackers to remotely control these devices and pivot into connected networks. The vulnerability, tracked as CVE-2025-7742 and rated 8.3 on the CVSS scale, affects cameras used widely in commercial and critical infrastructure sectors worldwide.
Researcher Souvik Kandar reported the flaw to the Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability, present in LG LNV5110R cameras manufactured by LG Innotek, a subsidiary of LG Corporation, enables attackers to bypass authentication. This allows them to upload an HTTP POST request, leading to remote code execution with elevated privileges and admin access to the cameras.
LG Innotek is aware of the issue but has stated that the cameras are end-of-life products and will not receive a patch. This leaves the affected cameras, deployed globally including in critical infrastructure facilities, vulnerable to attacks.
With the potential for remote takeover and network pivoting, the exposed cameras pose a significant risk. Users are advised to isolate affected devices from their networks until a suitable mitigation or replacement plan is implemented. LG Innotek's decision not to patch the cameras underscores the importance of regular updates and support for IoT devices.
