CVE-2024-5633

HIGH

Longse model LBH30FE200W - Code Injection

Title source: llm

Description

Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports. An attacker with a knowledge of the available commands is able to perform read/write operations on the device's memory, which might result in e.g. bypassing telnet login and obtaining full access to the device.

Exploits (1)

nomisec WORKING POC 1 stars

by Adikso · poc

https://github.com/Adikso/CVE-2024-5633

View Code ZIP pw:eip

References (3)

[Various Sources] https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01

[Various Sources] https://cert.pl/en/posts/2024/07/CVE-2024-5631/

[Various Sources] https://cert.pl/posts/2024/07/CVE-2024-5631/

Scores

CVSS v4 7.5

EPSS 0.0303

EPSS Percentile 86.7%

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-912

Status published

Products (2)

Longse Technology/LBH30FE200W

Zamel/ZMB-01/C

Published Jul 09, 2024

Tracked Since Feb 18, 2026