CVE-2024-52548

Lorex 2K Indoor Wi-Fi Security Camera - Code signing bypass

CVSS 6.7 MEDIUMEPSS 0.2%CWE-345

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 6.7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

03 dic 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Lorex · 2K Indoor Wi-Fi Security Camera

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/sfewer-r7/LorexExploit https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/