
Critical Unpatched Vulnerability in LG LNV5110R Cameras Allows Admin Access
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an unpatched authentication bypass vulnerability in LG LNV5110R cameras. This vulnerability, tracked as CVE-2025-7742 with a CVSS score of 8.3, allows attackers to gain administrative access to affected devices. The vulnerability specifically impacts end-of-life (EOL) LG LNV5110R cameras, highlighting the risks associated with unsupported devices.

The authentication bypass vulnerability enables attackers to bypass the normal authentication process and gain admin privileges. With such access, attackers can potentially take full control of the cameras, leading to various malicious activities such as unauthorized surveillance, data exfiltration, or using the cameras as a pivot point to access other parts of the network. The high CVSS score of 8.3 underscores the severity of this vulnerability and the significant risk it poses.

This vulnerability underscores the critical importance of managing end-of-life devices within an organization's network. EOL devices often no longer receive security updates, making them attractive targets for attackers. Organizations must maintain an accurate inventory of all network devices, including their lifecycle status, and take appropriate actions to mitigate risks associated with EOL devices. This could involve replacing or retiring these devices, or isolating them from the network to limit potential damage.

Network segmentation is another crucial measure to limit the impact of such vulnerabilities. By placing these cameras on a separate network segment, organizations can reduce the risk of lateral movement by attackers. Regular vulnerability assessments and penetration testing are also essential to identify and address such vulnerabilities before they are exploited by malicious actors.

In conclusion, the discovery of this vulnerability in LG LNV5110R cameras serves as a stark reminder of the risks posed by end-of-life devices. Organizations must take proactive steps to identify, mitigate, and manage these risks to protect their networks and data from potential breaches.
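
The inventory and segmentation advice above can be checked mechanically. The following is an added example, not part of the original article or of any CISA or LG tooling: it audits a device inventory for EOL devices that sit outside an isolated segment. The CSV column names, hostnames, addresses and the 10.20.30.0/24 camera segment are all constructed assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample inventory; column names and addresses are assumptions.
SAMPLE_INVENTORY = """hostname,model,ip,lifecycle
cam-lobby,LG LNV5110R,10.20.30.11,eol
cam-dock,LG LNV5110R,10.0.5.44,eol
cam-gate,ExampleCam X1,10.0.5.45,supported
nvr-01,ExampleNVR 2,10.20.30.5,supported
cam-roof,LG LNV5110R,not-an-ip,eol
"""

# Assumed isolated camera segment for this example.
ISOLATED_SEGMENTS = [ipaddress.ip_network("10.20.30.0/24")]


def audit_inventory(csv_text, isolated_segments):
    """Sort EOL devices into (exposed, isolated, invalid) hostname lists."""
    exposed, isolated, invalid = [], [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["lifecycle"].strip().lower() != "eol":
            continue  # supported devices are out of scope for this check
        try:
            addr = ipaddress.ip_address(row["ip"].strip())
        except ValueError:
            # An EOL device with no usable address cannot be verified as
            # isolated, so report it instead of silently skipping it.
            invalid.append(row["hostname"])
            continue
        if any(addr in net for net in isolated_segments):
            isolated.append(row["hostname"])
        else:
            exposed.append(row["hostname"])
    return exposed, isolated, invalid


if __name__ == "__main__":
    exposed, isolated, invalid = audit_inventory(SAMPLE_INVENTORY, ISOLATED_SEGMENTS)
    for name in exposed:
        print(f"ACTION: {name} is EOL and outside the isolated segment")
    for name in invalid:
        print(f"FIX RECORD: {name} is EOL but has no valid IP in the inventory")
    print(f"{len(isolated)} EOL device(s) already isolated")
```

Devices reported as exposed are candidates for replacement, retirement, or a move to the isolated segment, in line with the mitigations described above.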