PT-2024-9304 · Lorex · Lorex 2K Indoor Wi-Fi Security Camera
Stephen Fewer
·
Published
2024-10-29
·
Updated
2025-09-05
·
CVE-2024-52547
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Lorex 2K Indoor Wi-Fi Security Camera versions prior to 2.800.0000000.8.R.20241111
Description:
An authenticated attacker can trigger a stack-based buffer overflow in the DHIP Service (TCP port 80). This issue allows a remote attacker to potentially execute arbitrary code. The vulnerability is related to the DHIP service and can be exploited through a connection on TCP port 80.
Recommendations:
For versions prior to 2.800.0000000.8.R.20241111, update the firmware to version 2.800.0000000.8.R.20241111 to resolve the issue. As a temporary workaround, consider restricting access to the DHIP service on TCP port 80 until the update is applied.
Exploit
Fix
Memory Corruption
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Lorex 2K Indoor Wi-Fi Security Camera