InfoSecBulletin Cybersecurity for mankind
A severe vulnerability (CVE-2025-7503) has been found in an IP camera from Shenzhen Liandian Communication Technology LTD. With a CVSSv4 score of 10, this issue allows attackers root access via an undocumented Telnet service, threatening privacy and security.
The vulnerability lies in the camera’s firmware (AppFHE1_V1.0.6.0) and its associated kernel (KerFHE1_PTZ_WIFI_V3.1.1) and hardware (HwFHE1_WF6_PTZ_WIFI_20201218). The device exposes a Telnet service on port 23, which is:
Enabled by default
Not mentioned in the user manual
Inaccessible via the web interface or mobile app
Node.js Flaws Expose Windows Apps to Path Traversal & HashDoS Attacks
Broadcom fixes multiple vulnerabilities in VMware ESXi, Workstation, and Fusion
Oracle Patched 309 Vulnerabilities with 145 Remotely Exploitable Flaw
Microsoft Extends 365 Support Until 2028 with ESU Program
Meta’s $100B AI Push: Gigawatt-Size Data Centers Spark Water Crisis
4 vulns impact Gigabyte motherboards to UEFI malware bypassing Secure Boot
Wing FTP 2000+ Servers Exposed Online: Actively Exploiting
CVE-2025-7503 (CVSS 10)
Backdoor in popular IP Camera Allows Hackers Root Access
(CVE-2025-25257)
Patch Urgently! Exploits for pre-auth Fortinet FortiWeb RCE flaw released
GP launched appless ‘GP Shield’ to protect mobile for only 50 TK
Even more disturbing, attackers can connect to this service using hard-coded credentials, granting immediate root shell access. As the CVE description notes, “an attacker with network access can authenticate using default credentials and gain root-level shell access to the device.”
Security researchers couldn’t reach the vendor, so no firmware update or official statement has been released. The report highlights that the vendor does not allow disabling Telnet. Users cannot change or remove credentials, and there’s no option to turn off the Telnet service.
This level of access allows an attacker to:
View or redirect live camera feeds
Modify the filesystem
Launch network-based attacks from the device
Implant persistent malware or backdoors
CVE-2025-7503 affects more than just one camera model; it highlights issues with low-cost OEM IoT devices that often have insecure defaults and undocumented features.
Attackers with root shell access can fully control the device. The advisory states: “Root shell access provides total control over the device, including its filesystem, networking, and camera feeds.”
In large places like offices, schools, and public areas, such access can enable surveillance, manipulation, or use of cameras for internal attacks.
While there’s no vendor fix, affected users can take defensive steps:
Isolate IP cameras from main networks using VLANs
Block Telnet (port 23) at the network level via firewall rules
Monitor outbound traffic for unusual behavior
Replace the device if you require hardened security and vendor support
