CVE-2025-7503

Published Jul 11, 2025

Last updated a month ago

CVSS critical 10.0
Shenzhen Lilian

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-7503 affects an OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD. The camera exposes a Telnet service on port 23 with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the device's web interface or user manual. An attacker with network access can authenticate using default credentials and gain root-level shell access to the device. The affected firmware version is AppFHE1_V1.0.6.0 (Kernel: KerFHE1_PTZ_WIFI_V3.1.1, Hardware: HwFHE1_WF6_PTZ_WIFI_20201218). As of July 11, 2025, no official fix or firmware update is available, and the vendor could not be contacted.

Description
An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the device’s web interface or user manual. An attacker with network access can authenticate using default credentials and gain root-level shell access to the device. The affected firmware version is AppFHE1_V1.0.6.0 (Kernel: KerFHE1_PTZ_WIFI_V3.1.1, Hardware: HwFHE1_WF6_PTZ_WIFI_20201218). No official fix or firmware update is available, and the vendor could not be contacted. This vulnerability allows for remote code execution and privilege escalation.
Source
1c6b5737-9389-4011-8117-89fa251edfb2
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
10
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
Severity
CRITICAL

Weaknesses

1c6b5737-9389-4011-8117-89fa251edfb2
CWE-798

Social media

Hype score
Not currently trending
  1. #VulnerabilityReport #CVE20257503 CVE-2025-7503 (CVSS 10): Hidden Backdoor in Popular IP Camera Grants Hackers Root Access https://t.co/4ril8fKZos

    @Komodosec

    18 Aug 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 📌 Critical vulnerability (CVE-2025-7503) found in popular IP cameras, allowing root access. #CyberSecurity #IPCameras https://t.co/9qSASIVMF8 https://t.co/qdpbZMJpHP

    @CyberHub_blog

    15 Jul 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Shenzhen Liandian Communication Technology LTD.社がOEM製造したIPカメラにCVSSv4スコア10の脆弱性。OEMCVE-2025-7503はハードコードされたrootの認証情報で非公式のTelnetサービスにログイン可能なもの。Telnet無効化方法は提供さ

    @__kokumoto

    14 Jul 2025

    4761 Impressions

    35 Retweets

    38 Likes

    10 Bookmarks

    0 Replies

    5 Quotes

  4. A critical flaw (CVE-2025-7503, CVSS 10.0) in Shenzhen Liandian IP cameras allows root access via an undocumented, default-enabled Telnet service with hardcoded credentials. No patch available. #IPCamera #Vulnerability #IoTsecurity #RootAccess https://t.co/PemlxkMZnX

    @the_yellow_fall

    14 Jul 2025

    2363 Impressions

    11 Retweets

    35 Likes

    16 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-7503 An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet se… https://t.co/Hp3cyAtflB

    @CVEnew

    11 Jul 2025

    422 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. [CVE-2025-7503: CRITICAL] Security alert: OEM IP camera from Shenzhen Liandian Communication exposes Telnet service with default credentials. Attackers can gain root access. No fix available. Vulnerability lea...#cve,CVE-2025-7503,#cybersecurity https://t.co/Dsm6xpm7Qv https://t.

    @CveFindCom

    11 Jul 2025

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.