Remote Code Execution Vulnerability in OEM IP Camera by Shenzhen Liandian Communication Technology LTD
CVE-2025-7503

10CRITICAL

Key Information:

Vendor

Shenzhen Liandian Communication Technology Ltd

Status
V380 Ip Camera / Appfhe1 V1.0.6.0
Vendor
CVE Published:
11 July 2025

What is CVE-2025-7503?

An OEM IP camera from Shenzhen Liandian Communication Technology LTD is vulnerable due to the exposure of an enabled Telnet service on port 23. The Telnet interface utilizes undocumented default credentials, allowing unauthorized access. Users cannot configure or disable this service through the web interface or user documentation. An attacker with network access can exploit this weakness to gain root-level access to the device, facilitating remote code execution and privilege escalation. Currently, there is no resolution or firmware update provided by the vendor.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

V380 IP Camera / AppFHE1_V1.0.6.0 Embedded/Linux 1.0.6.0

References

https://github.com/AounShAh/Research-on-v380-cctv-ip-camera

CVSS V4

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aoun Shah
JSON
.