PT-2024-9302 · Lorex · Lorex 2K Indoor Wi-Fi Security Camera
Stephen Fewer · Published 2024-10-29 · Updated 2025-09-05 · CVE-2024-52544
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Lorex 2K Indoor Wi-Fi Security Camera versions prior to 2.800.0000000.8.R.20241111
Description:
An unauthenticated attacker can trigger a stack-based buffer overflow in the DP Service (TCP port 3500). Exploiting this memory corruption can potentially allow a remote attacker to take control of the service, elevate their privileges to root, and gain full access to the device.
Recommendations:
Update the firmware to version 2.800.0000000.8.R.20241111, which resolves the issue in all earlier versions. As a temporary workaround, consider restricting access to the DP Service on TCP port 3500 to minimize the risk of exploitation.
Exploit · Fix · RCE · Memory Corruption · Stack Overflow
Affected Products
Lorex 2K Indoor Wi-Fi Security Camera