CVE-2024-52546

MEDIUM

DHIP Service <2.800.0000000.8.R.20241111 - Use After Free

Title source: llm

Description

An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.

References (2)

Core 2

Core References

Various Sources exploit

https://github.com/sfewer-r7/LorexExploit

View Exploit ZIP pw:eip

Third Party Advisory third-party-advisory

https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/

Scores

CVSS v3 5.3

EPSS 0.0031

EPSS Percentile 54.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (1)

Lorex/2K Indoor Wi-Fi Security Camera < 2.800.0000000.8.R.20241111

Published Dec 03, 2024

Tracked Since Feb 18, 2026