An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the device’s web interface or user manual. An attacker with network access can authenticate using default credentials and gain root-level shell access to the device. The affected firmware version is AppFHE1_V1.0.6.0 (Kernel: KerFHE1_PTZ_WIFI_V3.1.1, Hardware: HwFHE1_WF6_PTZ_WIFI_20201218). No official fix or firmware update is available, and the vendor could not be contacted. This vulnerability allows for remote code execution and privilege escalation.
The vulnerability results from the presence of hardcoded default credentials in the device firmware (CWE-798). The Telnet service is enabled by default, is not disclosed in the web interface or user documentation, preventing the administrator from consciously managing it or disabling it. An attacker with network access to port 23 can authenticate without restriction using the default credentials and obtain an interactive system shell with root privileges.
Attacker gains full control of the device at root level, enabling remote code execution (RCE), privilege escalation (LPE), configuration modification, eavesdropping on camera footage, and potential exploitation of the device as an entry point to the local network.
No official patch or firmware update is available — the manufacturer was unreachable. It is recommended to immediately isolate devices from public networks, block access to TCP port 23 (Telnet) at the firewall or network switch level, and consider decommissioning devices until an official patch is released by the manufacturer.
OEM IP cameras manufactured by Shenzhen Liandian Communication Technology LTD with firmware AppFHE1_V1.0.6.0 (Kernel: KerFHE1_PTZ_WIFI_V3.1.1, Hardware: HwFHE1_WF6_PTZ_WIFI_20201218). Affects devices from the V380 CCTV IP Camera family.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Red