CVE-2024-52545

MEDIUM

IQ Service <2.800.0000000.8.R.20241111 - Info Disclosure

Title source: llm

Description

An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.

References (2)

Core 2

Core References

Third Party Advisory third-party-advisory

https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/

Various Sources exploit

https://github.com/sfewer-r7/LorexExploit

View Exploit ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0059

EPSS Percentile 69.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (1)

Lorex/2K Indoor Wi-Fi Security Camera < 2.800.0000000.8.R.20241111

Published Dec 03, 2024

Tracked Since Feb 18, 2026