AI description
CVE-2025-7503 affects an OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD. The camera exposes a Telnet service on port 23 with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the device's web interface or user manual. An attacker with network access can authenticate using default credentials and gain root-level shell access to the device. The affected firmware version is AppFHE1_V1.0.6.0 (Kernel: KerFHE1_PTZ_WIFI_V3.1.1, Hardware: HwFHE1_WF6_PTZ_WIFI_20201218). As of July 11, 2025, no official fix or firmware update is available, and the vendor could not be contacted.
- Description
- An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the device’s web interface or user manual. An attacker with network access can authenticate using default credentials and gain root-level shell access to the device. The affected firmware version is AppFHE1_V1.0.6.0 (Kernel: KerFHE1_PTZ_WIFI_V3.1.1, Hardware: HwFHE1_WF6_PTZ_WIFI_20201218). No official fix or firmware update is available, and the vendor could not be contacted. This vulnerability allows for remote code execution and privilege escalation.
- Source
- 1c6b5737-9389-4011-8117-89fa251edfb2
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 10
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red
- Severity
- CRITICAL
- 1c6b5737-9389-4011-8117-89fa251edfb2
- CWE-798
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
18
Shenzhen Liandian Communication Technology LTD.社がOEM製造したIPカメラにCVSSv4スコア10の脆弱性。OEMCVE-2025-7503はハードコードされたrootの認証情報で非公式のTelnetサービスにログイン可能なもの。Telnet無効化方法は提供さ
@__kokumoto
14 Jul 2025
4761 Impressions
35 Retweets
38 Likes
10 Bookmarks
0 Replies
5 Quotes
A critical flaw (CVE-2025-7503, CVSS 10.0) in Shenzhen Liandian IP cameras allows root access via an undocumented, default-enabled Telnet service with hardcoded credentials. No patch available. #IPCamera #Vulnerability #IoTsecurity #RootAccess https://t.co/PemlxkMZnX
@the_yellow_fall
14 Jul 2025
2363 Impressions
11 Retweets
35 Likes
16 Bookmarks
0 Replies
0 Quotes
CVE-2025-7503 An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet se… https://t.co/Hp3cyAtflB
@CVEnew
11 Jul 2025
422 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-7503: CRITICAL] Security alert: OEM IP camera from Shenzhen Liandian Communication exposes Telnet service with default credentials. Attackers can gain root access. No fix available. Vulnerability lea...#cve,CVE-2025-7503,#cybersecurity https://t.co/Dsm6xpm7Qv https://t.
@CveFindCom
11 Jul 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes