Date: July 28, 2025
Affected Devices: LG Innotek Smart Cameras (various industrial/enterprise models)
Risk Level: Critical - Full Admin Access
CVE IDs: CVE-2025-40145, CVE-2025-40146, CVE-2025-40147
Attack Type: Remote Code Execution (RCE), Authentication Bypass
Security researchers have disclosed multiple severe vulnerabilities in LG Innotek smart cameras, which are widely deployed in:
These flaws can be exploited remotely to gain administrative privileges, control the camera, extract video feeds, or pivot further into the network.
CVE ID | Description | CVSS Score |
---|---|---|
CVE-2025-40145 | Hardcoded credentials allow login bypass | 9.8 |
CVE-2025-40146 | RCE via unvalidated input in web interface | 9.1 |
CVE-2025-40147 | Privilege escalation flaw in firmware | 8.7 |
- Gain full control of the camera
- View, modify, or delete footage
- Reconfigure device remotely
- Install custom backdoors
- Use as a pivot point into internal networks
In targeted attacks, these cameras can become surveillance blind spots or internal footholds.
- Patch immediately: LG Innotek has released firmware updates
- Change default credentials on all deployed devices
- Isolate cameras on VLANs or separate subnets
- Run vulnerability scans to detect unpatched units
- Restrict external web access to camera interfaces
Organizations using LG Innotek IP-based smart cameras for:
"Surveillance systems are often overlooked in cybersecurity planning. These vulnerabilities show how a single insecure device can compromise physical and digital security alike. Patch now, or be watched instead of watching."
Full advisory and patch links: www.cyberdudebivash.com/lg-innotek-rce