Aoun Shah

Name of the Vulnerable Software and Affected Versions: Shenzhen Liandian Communication Technology LTD OEM IP Camera version AppFHE1 V1.0.6.0 Description: An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the device’s web interface or user manual. An attacker with network access can authenticate using default credentials and gain root-level shell access to the device, allowing for remote code execution and privilege escalation. Recommendations: For version AppFHE1 V1.0.6.0, as there is no official fix or firmware update available, consider disabling the Telnet service if possible.