A critical security vulnerability has been discovered in LG Innotek’s LNV5110R CCTV camera model that could allow remote attackers to gain complete administrative control over affected devices.
The vulnerability, designated as CVE-2025-7742, represents a significant authentication bypass flaw that poses serious risks to organizations using these security cameras worldwide.
Critical Authentication Bypass Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on July 24, 2025, warning about a severe authentication bypass vulnerability affecting all versions of the LG Innotek LNV5110R camera model.
| Attribute | Details |
| CVE ID | CVE-2025-7742 |
| CVSS v4 Score | 8.3 (High) |
| CVSS v3 Score | 7.0 (High) |
| CWE Classification | CWE-288 (Authentication Bypass) |
The flaw, classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel), enables malicious actors to upload HTTP POST requests to the device’s non-volatile storage.
This vulnerability carries a CVSS v4 base score of 8.3 and a CVSS v3 score of 7.0, indicating high severity. The attack vector is network-based and requires no user interaction, making it particularly dangerous for exposed devices.
Security researcher Souvik Kandar reported the vulnerability to CISA, highlighting the potential for remote code execution at administrator privilege levels.
The vulnerability affects organizations across various sectors, particularly those in commercial facilities that rely on CCTV surveillance systems.
With LG Innotek cameras deployed worldwide, the potential impact extends across international boundaries.
The South Korean manufacturer has acknowledged the vulnerability but confirmed that the LNV5110R model has reached end-of-life status and will not receive security patches.
This end-of-life designation leaves organizations with affected devices in a precarious position, as traditional patching strategies cannot address the security flaw.
The absence of available fixes significantly increases the urgency for implementing alternative protective measures.
CISA recommends organizations implement comprehensive defensive strategies to mitigate exploitation risks.
Critical measures include isolating affected cameras from internet access, deploying firewalls to separate control systems from business networks, and utilizing secure VPN connections for necessary remote access.
Organizations should conduct thorough risk assessments and consider replacing end-of-life devices with supported alternatives.
The high attack complexity provides some protection, but the lack of patches makes proactive security measures essential for maintaining network integrity and preventing unauthorized administrative access.
Get Free Ultimate SOC Requirements Checklist Before you build, buy, or switch your SOC for 2025 - Download Now
