LG Innotek Camera Multiple Models

Plan Patch8.6ICS-CERT ICSA-25-273-07Sep 30, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

LG Innotek LND7210 and LNV7210R network cameras contain an authentication bypass vulnerability (CWE-288) that allows an attacker to gain administrative access without valid credentials. LG Innotek has declared these products end-of-life and will not release patches. The vulnerability has a CVSS score of 8.6 and affects all firmware versions of both models.

What this means

What could happen

An attacker with network access to these cameras could gain administrative access, potentially allowing them to disable monitoring, alter recordings, or use the device as a foothold to attack other systems on your network.

Who's at risk

Water utilities and municipal electric utilities with LG Innotek LND7210 or LNV7210R network cameras used for facility monitoring, perimeter security, or remote visual inspection. Any site where these cameras are accessible from the network is at risk.

How it could be exploited

An attacker on the network sends a specially crafted request to the camera (port 80 or 443) that bypasses authentication checks. No valid credentials are required. Once successful, the attacker gains administrative control of the device.

Prerequisites

Network reachability to the camera on its management port (80 or 443)
No authentication required—vulnerability is pre-authentication

Remotely exploitableNo authentication requiredLow complexity attackNo patch available (end-of-life product)High CVSS score (8.6)

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

LG LNV7210R: vers:all/*All versionsNo fix (EOL)

LG LND7210: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDImplement network firewall rules to restrict access to these cameras from outside the local network segment; block any internet-facing exposure

WORKAROUNDIf remote management is required, deploy a VPN and ensure all VPN endpoints and software are kept current

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGPerform impact analysis and risk assessment before implementing any network isolation to understand camera dependencies

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: LG LNV7210R: vers:all/*, LG LND7210: vers:all/*. Apply the following compensating controls:

HARDENINGIsolate camera networks from business networks using a separate VLAN or air gap

CVEs (1)

CVE-2025-10538

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0fbacb33-2548-4314-86b1-2debcce78b9c