Categories: Cyber Security News

Severe Salesforce Tableau Vulnerabilities Enable Remote Code Execution – Urgent Patch Required

A critical security vulnerability has been discovered in LG Innotek’s LNV5110R CCTV camera model, allowing attackers to gain complete administrative control over affected devices through remote exploitation.

The Cybersecurity and Infrastructure Security Agency (CISA) issued advisory ICSA-25-205-04 on July 24, 2025, warning that this authentication bypass vulnerability affects all versions of the camera model and carries a severe CVSS v4 base score of 8.3.

Vulnerability Discovered in End-of-Life Security Camera

The vulnerability, designated as CVE-2025-7742, represents an authentication bypass using an alternate path or channel, classified under CWE-288 in the Common Weakness Enumeration database.

Security researcher Souvik Kandar reported this critical flaw to CISA, highlighting how malicious actors can exploit the camera’s firmware to upload an HTTP POST request directly to the device’s non-volatile storage.

The affected LG Innotek camera model, LNV5110R, is deployed worldwide across commercial facilities, making this vulnerability particularly concerning for organizations that rely on these surveillance systems.

The attack vector requires network access but no user interaction, allowing remote attackers to execute arbitrary commands with administrator-level privileges once successfully exploited.

Technical Analysis Reveals Authentication Bypass Exploit

The vulnerability carries a CVSS v3 base score of 7.0 with the vector string AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L.

The updated CVSS v4 assessment yields a higher base score of 8.3 with the vector string AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N, indicating high confidentiality impact and low integrity and availability impacts.

The exploit mechanism involves manipulating the camera’s authentication system through alternate channels, bypassing normal security controls.

This remote code execution capability enables attackers to run arbitrary commands on target devices, potentially compromising entire surveillance networks.

The vulnerability’s high attack complexity suggests that while exploitation requires technical expertise, the potential impact remains severe due to the administrative access gained.

CISA Issues Mitigation Guidance Despite No Available Patches

LG Innotek has acknowledged the vulnerability but confirmed that the LNV5110R model is an end-of-life product that will not receive security patches.

The company directs users to its LG Security Center for additional guidance, leaving organizations with limited remediation options.

CISA recommends implementing defense-in-depth strategies, including network isolation, firewall protection, and VPN access controls.

Organizations should minimize network exposure for affected devices and ensure they remain inaccessible from the internet.

Despite the vulnerability’s publication, CISA reports no known public exploitation attempts targeting this specific flaw, though the agency continues monitoring for suspicious activity.
