Hundreds of LG security cameras are vulnerable to remote hacking due to a recently discovered flaw and they will not receive a patch.
The cybersecurity agency CISA revealed on Thursday that LG Innotek LNV5110R cameras are affected by an authentication bypass vulnerability that can allow an attacker to gain administrative access to the device.
The flaw, tracked as CVE-2025-7742 and assigned a ‘high severity’ rating, can allow an attacker to upload an HTTP POST request to the device’s non-volatile storage, which can result in remote code execution with elevated privileges, according to CISA.
LG Innotek has been notified, but said the vulnerability cannot be patched as the product has reached end of life.
Souvik Kandar, the MicroSec researcher credited by CISA for reporting the vulnerability, told SecurityWeek there are roughly 1,300 cameras that are exposed to the internet and which can be remotely hacked.
The researcher said an attacker could exploit the vulnerability to gain access to live streams, disrupt the camera, and for other malicious activities.
“This is a full unauthenticated remote code execution vulnerability,” Kandar explained. “An attacker can upload a reverse shell without any login, gain administrative privileges, execute arbitrary Linux commands, and use the device as a launching pad to pivot into internal networks.”
CISA said the impacted product is used worldwide, including in the commercial facilities critical infrastructure sector.
SecurityWeek has reached out to LG Innotek for comment and will update this article if the company responds.
Kandar said he reported 50 vulnerabilities this year, including in smart weather systems, seismic sensors, marine systems, routers, and OT devices, including AutomationDirect, Instantel and Lantronix products designed for industrial environments.
Learn More at SecurityWeek’s ICS Cybersecurity Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
October 27-30, 2025 | Atlanta
www.icscybersecurityconference.com
Related: 40,000 Security Cameras Exposed to Remote Hacking
Related: Vulnerabilities Allow Remote Hacking of Inaba Plant Monitoring Cameras
Related: Unpatched Edimax Camera Flaw Exploited Since at Least May 2024
