No Patch for RCE Vulnerability in LG Surveillance Cameras

LG surveillance cameras are exposed to remote attacks through a recently discovered vulnerability, and they will not receive patches.

Last week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported a vulnerability in LG Innotek LNV5110R cameras that allows for authentication bypass, enabling attackers to gain administrative access to the device.

The issue has been identified as CVE-2025-7742 and allows an attacker to upload data to the non-volatile storage of the device via an HTTP POST request, ultimately leading to remote code execution with elevated privileges.

CISA emphasized that the vulnerable cameras are used worldwide, including in the critical infrastructure of many commercial facilities.

Experts have notified representatives of LG Innotek about the issue; however, the manufacturer stated that the vulnerability cannot be patched because the product’s lifecycle has already ended.

Cybersecurity specialist Souvik Kandar of MicroSec, whom CISA credits with discovering the vulnerability, reported that around 1,300 cameras that may be remotely hacked can currently be found online.

According to the researcher, attackers can exploit the vulnerability to gain access to live streams, disable the camera, and perform other malicious actions.

“This is an unauthenticated remote code execution vulnerability,” explained Kandar. “Attackers can upload a reverse shell without logging in, gain administrator privileges, execute arbitrary Linux commands, and use the device as a launch pad for infiltrating internal company networks.”
