SecurityWeek reports that LG Innotek has noted that it will no longer issue a fix for a recently discovered high-severity authentication bypass security issue impacting its already obsolete LNV5110R cameras.
Threat actors could leverage the flaw, tracked as CVE-2025-7742, to facilitate remote code execution and administrative access, said the Cybersecurity and Infrastructure Security Agency. Nearly 1,300 internet-exposed LG Innotek LNV5110R cameras were noted by MicroSec researcher Souvik Kandar to be potentially compromised through the vulnerability. "An attacker can upload a reverse shell without any login, gain administrative privileges, execute arbitrary Linux commands, and use the device as a launching pad to pivot into internal networks," said Kandar, who discovered and reported the bug. Dozens of security issues in seismic sensors, operational technology devices, smart weather systems, routers, and marine systems have already been identified and disclosed by Kandar so far this year.
Threat actors could leverage the flaw, tracked as CVE-2025-7742, to facilitate remote code execution and administrative access, said the Cybersecurity and Infrastructure Security Agency. Nearly 1,300 internet-exposed LG Innotek LNV5110R cameras were noted by MicroSec researcher Souvik Kandar to be potentially compromised through the vulnerability. "An attacker can upload a reverse shell without any login, gain administrative privileges, execute arbitrary Linux commands, and use the device as a launching pad to pivot into internal networks," said Kandar, who discovered and reported the bug. Dozens of security issues in seismic sensors, operational technology devices, smart weather systems, routers, and marine systems have already been identified and disclosed by Kandar so far this year.
