10 matches found
EUVD-2024-46142
Malicious code in bioql PyPI...
(Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Improper Validation of Array Index Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests sent to TCP port 9876. The...
The vulnerability of the IQ microprogramming software-based Lorex 2K Indoor Wi-Fi Security Camera allows a intruder to escalate their privileges to root level and gain full access to the device.
The vulnerability of the IQ microprogrammed IP camera system from Lorex 2K Indoor Wi-Fi Security Camera lies in the fact that the operation data is stored outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to elevate their privileges to root and gain full acce...
CVE-2024-52545
An unauthenticated attacker can perform an out of bounds heap read in the IQ Service TCP port 9876. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111...
CVE-2024-52545
Lorex 2K Indoor Wi‑Fi Security Camera is affected by CVE-2024-52545: an unauthenticated attacker can perform an out-of-bounds heap read in the IQ Service (TCP port 9876). The issue is resolved in firmware version 2.800.0000000.8.R.20241111. Remediation: push the firmware update to devices as prov...
CVE-2024-52545 Lorex 2K Indoor Wi-Fi Security Camera - Out of bounds heap read
An unauthenticated attacker can perform an out of bounds heap read in the IQ Service TCP port 9876. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111...
Lorex 2K Indoor Wi-Fi Security Camera 安全漏洞
Lorex 2K Indoor Wi-Fi Security Camera is a series of security cameras from Lorex Canada. A security vulnerability previously existed in Lorex 2K Indoor Wi-Fi Security Camera version 2.800.0000000.8.R.20241111. An attacker could exploit this vulnerability to perform an out-of-bounds heap read in t...
Xplico Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xplico Remote Code Execution', 'Description' = %q This module exploits command injection vulnerability. Unauthenticated users can register a new...
Xplico - Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xplico Remote Code Execution', 'Description' = %q This module exploits command injection vulnerability. Unauthenticated users can register a new...
Xplico Remote Code Execution
This module exploits command injection vulnerability. Unauthenticated users can register a new account and then execute a terminal command under the context of the root user. The specific flaw exists within the Xplico, which listens on TCP port 9876 by default. The goal of Xplico is extract from ...