CVE-2025-65817 – LSC Smart Connect Indoor IP Camera version 1.4.... (How to Fix)

Q: What is the severity of CVE-2025-65817?

CVE-2025-65817 has a CVSS score of 8.8 (HIGH). LSC Smart Connect Indoor IP Camera version 1.4.13 contains a remote code execution vulnerability in the start_app.sh script. Attackers can execute arbitrary commands on affected cameras, potentially taking full control of the device. This affects all users running the vulnerable firmware version.

📋 TL;DR

LSC Smart Connect Indoor IP Camera version 1.4.13 contains a remote code execution vulnerability in the start_app.sh script. Attackers can execute arbitrary commands on affected cameras, potentially taking full control of the device. This affects all users running the vulnerable firmware version.

💻 Affected Systems

Products:

LSC Smart Connect Indoor IP Camera

Versions: 1.4.13

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the specified firmware version are vulnerable by default.

📦 What is this software?

Smart Connect Indoor Ip Camera Firmware by Lsc

View all CVEs affecting Smart Connect Indoor Ip Camera Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover allowing camera feed interception, lateral movement to internal networks, persistence installation, and participation in botnets.

🟠

Likely Case

Camera compromise leading to unauthorized video access, credential theft, and device repurposing for malicious activities.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH - IP cameras are often directly exposed to the internet for remote access, making them prime targets.

🏢 Internal Only: MEDIUM - Internal network placement reduces exposure but still poses risk if attackers gain initial access elsewhere.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code available on GitHub, making exploitation trivial for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch available. Check vendor website for firmware updates and apply immediately when released.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate cameras on separate VLAN with strict firewall rules preventing external access.

Disable Remote Access

all

Turn off UPnP, port forwarding, and cloud features that expose cameras to the internet.

🧯 If You Can't Patch

Remove cameras from internet-facing networks immediately
Implement strict network access controls allowing only necessary traffic to/from cameras

🔍 How to Verify

Check if Vulnerable:

Check firmware version in camera web interface or via SSH if enabled. Version 1.4.13 is vulnerable.

Check Version:

Check camera web interface under Settings > System > Firmware Version

Verify Fix Applied:

Verify firmware version has been updated to a version later than 1.4.13.

📡 Detection & Monitoring

Log Indicators:

Unusual process execution in system logs
Unexpected shell command execution
Failed authentication attempts followed by successful access

Network Indicators:

Unusual outbound connections from camera
Suspicious incoming connections to camera ports
Anomalous traffic patterns

SIEM Query:

source="camera_logs" AND (process="start_app.sh" OR command="*sh*") AND result="success"

📊 Metadata

CVE ID: CVE-2025-65817

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-94

EPSS Score: 0.07% exploit probability (20.2th percentile)

Published: December 22, 2025

Last Updated: January 6, 2026

🔗 References

https://github.com/Istaarkk/CVE-2025-65817/blob/main/README.md Exploit,Third Party Advisory
https://github.com/Istaarkk/CVE-2025-65817/blob/main/README.md Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-65817, you might also want to check these: