PT-2025-29277 · Shenzhen Liandian Communication Technology · Oem Ip Camera

Aoun Shah · Published 2025-07-11 · Updated 2025-09-28 · CVE-2025-7503

CVSS v4.0: 10 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
Name of the Vulnerable Software and Affected Versions: Shenzhen Liandian Communication Technology LTD OEM IP Camera version AppFHE1 V1.0.6.0
Description: An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the device’s web interface or user manual. An attacker with network access can authenticate using default credentials and gain root-level shell access to the device, allowing for remote code execution and privilege escalation.
Recommendations: For version AppFHE1 V1.0.6.0, as there is no official fix or firmware update available, consider disabling the Telnet service if possible.

Fix

LPE

RCE

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

CVE-2025-7503

Affected Products

Oem Ip Camera