OTPulse
FeedAboutContact

LG Innotek Camera Model LNV5110R

Monitor7ICS-CERT ICSA-25-205-04Jul 25, 2025
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionNone needed
Summary

LG Innotek LNV5110R camera is vulnerable to a flaw (CWE-288) that allows unauthenticated attackers to gain administrative access with high attack complexity. The vulnerability affects all versions of the LNV5110R. LG has declared this an end-of-life product and will not issue patches.

What this means
What could happen
An attacker who gains administrative access to the LNV5110R camera could alter or disable video surveillance of critical infrastructure, potentially allowing other physical intrusions or sabotage to go undetected.
Who's at risk
Water and electric utilities that use LG Innotek LNV5110R network cameras for perimeter or facility surveillance should be concerned. This includes security monitoring systems at treatment plants, substations, pump stations, and critical access points.
How it could be exploited
An attacker on the network sends a specially crafted request to the camera's administrative interface. Due to the high attack complexity, the attacker must have specific knowledge of the device configuration or internal workings, but once successful, they obtain full administrative control without needing credentials.
Prerequisites
  • Network access to the camera device
  • High technical knowledge of device internals or specific configuration details
remotely exploitableno authentication requiredno patch availableend-of-life productaffects safety/security monitoring
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (1)
ProductAffected VersionsFix Status
LNV5110R: vers:all/*All versionsNo fix (EOL)
Remediation & Mitigation
0/3
Do now
0/2
HARDENINGIsolate the LNV5110R from the Internet and all business networks by placing it behind a firewall or on a dedicated operational network with restricted access
HARDENINGIf remote access to the camera is required, restrict it to a VPN with current security patches and access controls (e.g., IP whitelisting, authentication)
Mitigations - no patch available
0/1
LNV5110R: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGPlan replacement of the LNV5110R with a supported, current camera model that receives security updates
View full CISA ICS-CERT advisory
โ†‘โ†“ Navigate ยท Esc Close
API: /api/v1/advisories/41a873e5-74cc-4373-9cff-801a7df816c3
LG Innotek Camera Model LNV5110R | CVSS 7 - OTPulse