LG Innotek Camera Model LNV5110R

MonitorCVSS 7ICS-CERT ICSA-25-205-04Jul 25, 2025

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

LG Innotek LNV5110R IP camera (all versions) contains an authentication bypass vulnerability (CWE-288) that could allow an attacker with network access to gain administrative access to the device. LG has declared this an end-of-life product and will not release patches. CVSS 7.0 / EPSS 0.4%.

What this means

What could happen

An attacker with network access to the camera could gain administrative credentials or access, potentially allowing control over the camera's operation, video feed capture, or use as a pivot point into your facility network.

Who's at risk

Facility security and surveillance operations relying on LG Innotek LNV5110R IP cameras. This affects access control monitoring, perimeter security, and incident recording at water utilities, electric facilities, and other critical infrastructure using this end-of-life camera model.

How it could be exploited

An attacker on the network could exploit an authentication weakness in the LNV5110R's management interface to bypass credential verification and gain admin-level access to the camera. The attack has high complexity and requires network-level access but no user interaction.

Prerequisites

Network access to the camera's management port or web interface
The camera must be reachable from the attacker's network segment

remotely exploitableno authentication requiredno patch availableend-of-life product

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (1)

ProductAffected VersionsFix Status

LNV5110R: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGIsolate the LNV5110R camera on a separate network segment behind a firewall, blocking access from untrusted networks and the internet.

HARDENINGRestrict network access to the camera's management interface to authorized engineering workstations only using firewall rules.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGIf remote access to the camera is required, implement a VPN or jump-host architecture so access does not traverse the internet directly.

Mitigations - no patch available

0/1

LNV5110R: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGPlan for replacement of the LNV5110R with a currently supported camera model, as this is an end-of-life product that will not receive security updates.

CVEs (1)

CVE-2025-7742

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/41a873e5-74cc-4373-9cff-801a7df816c3

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.