PT-2025-29277 · Shenzhen Liandian Communication Technology · Oem Ip Camera
Aoun Shah
·
Published
2025-07-11
·
Updated
2025-09-28
·
CVE-2025-7503
CVSS v4.0
10
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red |
Name of the Vulnerable Software and Affected Versions:
Shenzhen Liandian Communication Technology LTD OEM IP Camera version AppFHE1 V1.0.6.0
Description:
An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the device’s web interface or user manual. An attacker with network access can authenticate using default credentials and gain root-level shell access to the device, allowing for remote code execution and privilege escalation.
Recommendations:
For version AppFHE1 V1.0.6.0, as there is no official fix or firmware update available, consider disabling the Telnet service if possible.
Fix
LPE
RCE
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oem Ip Camera