Remote Code Execution Vulnerability in OEM IP Camera by Shenzhen Liandian Communication Technology LTD
CVE-2025-7503

10CRITICAL

Key Information:

Vendor: Shenzhen Liandian Communication Technology Ltd
Status: V380 Ip Camera / Appfhe1 V1.0.6.0
Vendor: CVE Published:; 11 July 2025

🔔 Create Shenzhen Liandian Communication Technology Ltd Vulnerability Alert

What is CVE-2025-7503?

An OEM IP camera from Shenzhen Liandian Communication Technology LTD is vulnerable due to the exposure of an enabled Telnet service on port 23. The Telnet interface utilizes undocumented default credentials, allowing unauthorized access. Users cannot configure or disable this service through the web interface or user documentation. An attacker with network access can exploit this weakness to gain root-level access to the device, facilitating remote code execution and privilege escalation. Currently, there is no resolution or firmware update provided by the vendor.

Affected Version(s)

V380 IP Camera / AppFHE1_V1.0.6.0 Embedded/Linux 1.0.6.0

References

https://github.com/AounShAh/Research-on-v380-cctv-ip-camera

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2025
Vulnerability Reserved
Jul 11, 2025

Credit

Aoun Shah