CVE-2025-7742 | THREATINT

Description

An authentication vulnerability exists in the LG Innotek camera model LNV5110R firmware that allows a malicious actor to upload an HTTP POST request to the devices non-volatile storage. This action may result in remote code execution that allows an attacker to run arbitrary commands on the target device at the administrator privilege level.

PUBLISHED Reserved 2025-07-17 | Published 2025-07-24 | Updated 2025-07-25 | Assigner LGE

HIGH: 8.3CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-288: Authentication Bypass Using an Alternate Path or Channel

Product status

Default status

affected

All (custom)

affected

References

www.cisa.gov/news-events/ics-advisories/icsa-25-205-04

cve.org (CVE-2025-7742)

nvd.nist.gov (CVE-2025-7742)

Download JSON