Lorex 2K Indoor Wi-Fi Security Camera vulnerabilities
5 known vulnerabilities affecting lorex/2k_indoor_wi-fi_security_camera.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2024-52544P2CRITICALCVSS 9.8fixed in 2.800.0000000.8.R.202411112024-12-03
CVE-2024-52544 [CRITICAL] CWE-121 CVE-2024-52544: An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 35
An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
nvd
CVE-2024-52547P3HIGHCVSS 7.2fixed in 2.800.0000000.8.R.202411112024-12-03
CVE-2024-52547 [HIGH] CWE-121 CVE-2024-52547: An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80
An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
nvd
CVE-2024-52545P3MEDIUMCVSS 6.5fixed in 2.800.0000000.8.R.202411112024-12-03
CVE-2024-52545 [MEDIUM] CWE-125 CVE-2024-52545: An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876)
An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
nvd
CVE-2024-52548P4MEDIUMCVSS 6.7fixed in 2.800.0000000.8.R.202411112024-12-03
CVE-2024-52548 [MEDIUM] CWE-345 CVE-2024-52548: An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcemen
An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
nvd
CVE-2024-52546P4MEDIUMCVSS 5.3fixed in 2.800.0000000.8.R.202411112024-12-03
CVE-2024-52546 [MEDIUM] CWE-476 CVE-2024-52546: An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 378
An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
nvd