PT-2024-9329 · Lorex · Lorex 2K Indoor Wi-Fi Security Camera
Stephen Fewer · Published 2024-10-29 · Updated 2024-12-04 · CVE-2024-52546
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions:
Lorex 2K Indoor Wi-Fi Security Camera versions prior to 2.800.0000000.8.R.20241111
Description:
An unauthenticated attacker can perform a null pointer dereference in the DHIP Service using the UDP port 37810. This issue can potentially allow a remote attacker to elevate privileges to the root level and gain full access to the device.
Recommendations:
For versions prior to 2.800.0000000.8.R.20241111, update the firmware to version 2.800.0000000.8.R.20241111 to resolve the issue. As a temporary workaround, consider restricting access to the DHIP Service on UDP port 37810 until the update is applied.
Exploit
Fix
NULL Pointer Dereference
Affected Products
Lorex 2K Indoor Wi-Fi Security Camera