PT-2024-35369 · Lorex · Lorex 2K Indoor Wi-Fi Security Camera
Stephen Fewer
·
Published
2024-12-03
·
Updated
2024-12-04
·
CVE-2024-52548
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Lorex 2K Indoor Wi-Fi Security Camera versions prior to 2.800.0000000.8.R.20241111
Description
An attacker who can execute arbitrary Operating Systems commands can bypass code signing enforcements in the kernel and execute arbitrary native code. The issue allows manipulation that leads to insufficient data authenticity verification.
Recommendations
For versions prior to 2.800.0000000.8.R.20241111, upgrade to version 2.800.0000000.8.R.20241111 or later to resolve the issue. As a temporary workaround, consider restricting access to the kernel to minimize the risk of exploitation.
Exploit
Fix
Insufficient Verification of Data Authenticity
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lorex 2K Indoor Wi-Fi Security Camera