CVE-2025-7503 (CVSS 10): Hidden Backdoor in Popular IP Camera Grants Hackers Root Access

A critical vulnerability (CVE-2025-7503) has been uncovered in an IP camera manufactured by Shenzhen Liandian Communication Technology LTD. Rated a perfect CVSSv4 score of 10, this flaw gives attackers root-level access through an undocumented Telnet service—posing serious implications for privacy and security.

The vulnerability lies in the camera’s firmware (AppFHE1_V1.0.6.0) and its associated kernel (KerFHE1_PTZ_WIFI_V3.1.1) and hardware (HwFHE1_WF6_PTZ_WIFI_20201218). The device exposes a Telnet service on port 23, which is:

• Enabled by default
• Not mentioned in the user manual
• Inaccessible via the web interface or mobile app

Even more disturbing, attackers can connect to this service using hard-coded credentials, granting immediate root shell access. As the CVE description notes, “an attacker with network access can authenticate using default credentials and gain root-level shell access to the device.”

Security researchers were unable to contact the vendor, and no firmware patch or official advisory has been issued. “Vendor does not provide a way to disable Telnet,” the report emphasizes. There’s no option to modify or remove the credentials, and no UI feature to turn off the Telnet service.

This level of access allows an attacker to:

• View or redirect live camera feeds
• Modify the filesystem
• Launch network-based attacks from the device
• Implant persistent malware or backdoors

The impact of CVE-2025-7503 goes beyond the single camera model. It demonstrates a recurring problem with low-cost, OEM-manufactured IoT devices—namely, undocumented features and insecure defaults.

With root shell access, attackers can completely take over the device. The advisory clearly warns: “Root shell access allows complete control over the device, including filesystem, networking, and camera feeds.”

In large installations—offices, schools, public spaces—such access could allow surveillance, manipulation, or use of the cameras as pivot points for internal attacks.

While there’s no vendor fix, affected users can take defensive steps:

• Isolate IP cameras from main networks using VLANs
• Block Telnet (port 23) at the network level via firewall rules
• Monitor outbound traffic for unusual behavior
• Replace the device if you require hardened security and vendor support

Related Posts:

• 0-Click NTLM Authentication Bypass Hits Microsoft Telnet Server, PoC Releases, No Patch
• Beyond Malware: Stealthy ASUS Router Exploitation Survives Reboots, Builds Botnet
• Lazarus Group Deploys New Hacking Arsenal in Targeted Cyberattacks
• Hacker group Anonymous controls over 400 Russian cameras
• Tenda Router Flaw (CVSS 9.8): Unauthenticated RCE Flaw (PoC, No Patch)