Support expired: Admin attack on LG network camera LNV5110R possible
Attackers can access the LG Innotek LNV5110R network camera with admin rights. Because support has expired, there are no more patches.
(Image: Sashkin/Shutterstock.com)
The network camera LNV5110R from LG Innotek should no longer be used: The US security authority CISA (Cybersecurity & Infrastructure Security Agency) warns of a security vulnerability for which there will no longer be a security update.
According to an article published by the agency, support for the model has expired and the network camera will no longer receive security patches. The vulnerability therefore remains and attackers can attack the network camera.
Malicious code admin gap
Because attackers can execute malicious code after a successful attack, the vulnerability (CVE-2025-7742 “high”) is considered particularly dangerous. Sending prepared HTTP POST requests should be sufficient to initiate an attack. Attackers should then be able to execute their code with admin rights. It can then be assumed that the device is completely compromised.
It remains unclear whether attackers can use the vulnerability as a springboard into networks. So far, there have been no reports of attacks. CISA does not currently explain how to detect devices that have already been attacked. Due to the attack scenario described, it is likely that attackers will create admin accounts. If you see unknown accounts in the administration interface, you should delete them immediately.
Videos by heise
Dispose of the network camera
To maintain network security, you should stop using this network camera model and switch to a current model that is still in support. If this is not directly possible, you should cut the camera's internet connection and isolate it with firewall rules. If remote access is essential, this should be done via a password-protected and encrypted VPN connection.
(des)
