LG Innotek Cameras Authentication Bypass Vulnerability

An authentication bypass vulnerability has been identified in LG Innotek camera models LND7210 and LNV7210R. This vulnerability allows a malicious actor to access camera information, including user account details. The issue arises from an authentication bypass that can be exploited through an alternate path or channel.

Impact

Exploitation of this vulnerability could grant an attacker administrative access to the affected camera models.

Remediation

LG Innotek has acknowledged the vulnerability but stated that these camera models are no longer supported and cannot be patched. Users are advised to consult the LG Security Center for further guidance. CISA recommends minimizing network exposure for control system devices, using firewalls to isolate these devices from business networks, and employing secure remote access methods such as VPNs.