EUVD-2012-6304

Malware in sbrugna...

(Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Improper Validation of Array Index Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests sent to TCP port 9876. The...

(Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sonia module. The issue results from the lack of...

PT-2025-31439 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: Lorex 2K Indoor Wi-Fi Security Camera affected versions not specified Description: The Lorex 2K Indoor Wi-Fi Security Camera is susceptible to a stack-based buffer overflow, potentially leading to remote code execution. This issue was...

(Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sonia module. The issue results from the lack of...

PT-2025-31445 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: Lorex 2K Indoor Wi-Fi Security Camera affected versions not specified Description: The Lorex 2K Indoor Wi-Fi Security Camera contains an improper validation of array index flaw that can lead to remote code execution. The issue was discovered...

CVE-2024-48799

An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process...

CVE-2012-6451

Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability...

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)

The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. Rapid7 developed an unauthenticated remote code execution RCE exploit chain as an entry for the...

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)

The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. Rapid7 developed an unauthenticated remote code execution RCE exploit chain as an entry for the...

CVE-2024-52548 Lorex 2K Indoor Wi-Fi Security Camera - Code signing bypass

An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111...

CVE-2024-52548 Lorex 2K Indoor Wi-Fi Security Camera - Code signing bypass

An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111...

CVE-2024-52548

Lorex 2K Indoor Wi‑Fi Security Camera is affected by CVE-2024-52548 where an attacker can bypass kernel code signing enforcements and execute arbitrary native code. The issue is part of a five‑vulnerability exploit chain (CVE-2024-52544 to CVE-2024-52548) that enables unauthenticated RCE via a tw...

CVE-2024-52547 Lorex 2K Indoor Wi-Fi Security Camera - Stack buffer overflow

An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service TCP port 80. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111...

CVE-2024-52547

CVE-2024-52547 affects Lorex 2K Indoor Wi‑Fi Security Camera via the DHIP Service (TCP port 80) . An authenticated attacker can trigger a stack-based buffer overflow potentially enabling code execution. Vendor patch released in firmware version 2.800.0000000.8.R.20241111. Remediation: apply the f...

CVE-2024-52546 Lorex 2K Indoor Wi-Fi Security Camera - Null pointer dereference

An unauthenticated attacker can perform a null pointer dereference in the DHIP Service UDP port 37810. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111...

CVE-2024-52546

Lorex 2K Indoor Wi‑Fi Security Camera is affected by CVE-2024‑52546: an unauthenticated user can trigger a null pointer dereference in the DHIP Service (UDP port 37810). The issue is addressed in firmware version 2.800.0000000.8.R.20241111. The public sources describe an exploit chain affecting m...

CVE-2024-52546 Lorex 2K Indoor Wi-Fi Security Camera - Null pointer dereference

An unauthenticated attacker can perform a null pointer dereference in the DHIP Service UDP port 37810. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111...

CVE-2024-52545 Lorex 2K Indoor Wi-Fi Security Camera - Out of bounds heap read

An unauthenticated attacker can perform an out of bounds heap read in the IQ Service TCP port 9876. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111...

CVE-2024-52545

Lorex 2K Indoor Wi‑Fi Security Camera is affected by CVE-2024-52545: an unauthenticated attacker can perform an out-of-bounds heap read in the IQ Service (TCP port 9876). The issue is resolved in firmware version 2.800.0000000.8.R.20241111. Remediation: push the firmware update to devices as prov...