CVE-2025-7742

An authentication vulnerability exists in the LG Innotek camera model LNV5110R firmware that allows a malicious actor to upload an HTTP POST request to the devices non-volatile storage. This action may result in remote code execution that allows an attacker to run arbitrary commands on the target device at the administrator privilege level.

CVSS

No CVSS.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-04

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de autenticación en el firmware de la cámara LG Innotek, modelo LNV5110R, que permite a un atacante cargar una solicitud HTTP POST al almacenamiento no volátil del dispositivo. Esta acción puede provocar la ejecución remota de código, lo que permite a un atacante ejecutar comandos arbitrarios en el dispositivo objetivo con privilegios de administrador.

25 Jul 2025, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-25 00:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-7742

Mitre link : CVE-2025-7742

CVE.ORG link : CVE-2025-7742

JSON object : View

Products Affected

No product.

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

{"id": "CVE-2025-7742", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "product.security@lge.com"}], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "product.security@lge.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-25T00:15:24.960", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-205-04", "source": "product.security@lge.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "product.security@lge.com", "description": [{"lang": "en", "value": "CWE-288"}]}], "descriptions": [{"lang": "en", "value": "An authentication vulnerability exists in the LG Innotek camera model LNV5110R firmware that allows a malicious actor to upload an HTTP POST request to the devices non-volatile storage. This action may result in remote code execution that allows an attacker to run arbitrary commands on the target device at the administrator privilege level."}, {"lang": "es", "value": "Existe una vulnerabilidad de autenticaci\u00f3n en el firmware de la c\u00e1mara LG Innotek, modelo LNV5110R, que permite a un atacante cargar una solicitud HTTP POST al almacenamiento no vol\u00e1til del dispositivo. Esta acci\u00f3n puede provocar la ejecuci\u00f3n remota de c\u00f3digo, lo que permite a un atacante ejecutar comandos arbitrarios en el dispositivo objetivo con privilegios de administrador."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "product.security@lge.com"}