PT-2024-9330 · Lorex · Lorex 2K Indoor Wi-Fi Security Camera
Stephen Fewer · Published 2024-10-29 · Updated 2024-12-04 · CVE-2024-52545
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
Name of the Vulnerable Software and Affected Versions:
Lorex 2K Indoor Wi-Fi Security Camera versions prior to 2.800.0000000.8.R.20241111
Description:
An unauthenticated attacker can perform an out-of-bounds heap read in the IQ Service (TCP port 9876). This issue is related to a buffer overflow in the IQ Service's memory, which can allow a remote attacker to elevate their privileges to the root level and gain full access to the device. The exploitation occurs through a TCP connection on port 9876.
Recommendations:
For versions prior to 2.800.0000000.8.R.20241111, update the firmware to version 2.800.0000000.8.R.20241111 to resolve the issue.
As a temporary workaround, consider restricting access to the IQ Service on TCP port 9876 until the firmware update is applied.
Exploit
Fix
Out of bounds Read
Affected Products
Lorex 2K Indoor Wi-Fi Security Camera