Shenzhen Liandian Communication Technology OEM IP Camera Telnet Service Root Access Vulnerability

A vulnerability exists in an OEM IP camera by Shenzhen Liandian Communication Technology LTD, which exposes an undocumented Telnet service on port 23. This service, enabled by default, is accessible using default credentials that are not disclosed in the user manual or through the device's web interface. An attacker with network access can use these credentials to gain root-level shell access. The vulnerability is present in the firmware version AppFHE1_V1.0.6.0, with a kernel version of KerFHE1_PTZ_WIFI_V3.1.1 and hardware version HwFHE1_WF6_PTZ_WIFI_20201218. No official fix or firmware update is available, and the vendor could not be contacted.

Impact

Exploitation of this vulnerability leads to unauthorized root access on the device, allowing complete control over the camera, including its filesystem, network functions, and video feeds. Additionally, the undocumented Telnet service acts as a backdoor, providing remote code execution capabilities.