CVE-2024-5633

HIGH

Longse model LBH30FE200W - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-5633. PoCs published by Adikso.

AI-analyzed exploit summary This PoC exploits an undocumented service (CoolView) on Longse LBH30FE200W cameras, allowing memory read/write operations to bypass telnet login by patching the login binary in memory. It demonstrates full device access via memory manipulation.

Description

Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports. An attacker with a knowledge of the available commands is able to perform read/write operations on the device's memory, which might result in e.g. bypassing telnet login and obtaining full access to the device.

Exploits (1)

nomisec WORKING POC 1 stars

by Adikso · poc

https://github.com/Adikso/CVE-2024-5633

View Code ZIP pw:eip

This PoC exploits an undocumented service (CoolView) on Longse LBH30FE200W cameras, allowing memory read/write operations to bypass telnet login by patching the login binary in memory. It demonstrates full device access via memory manipulation.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Longse LBH30FE200W cameras (and derived products)

No auth needed

Prerequisites: Network access to the target device · CoolView service exposed on port 8830

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources product

https://zamel.com/pl/gardi/zestaw-monitoringu-bezprzewodowego-wi-fi-typ-zmb-01

Various Sources third-party-advisory

https://cert.pl/en/posts/2024/07/CVE-2024-5631/

Various Sources third-party-advisory

https://cert.pl/posts/2024/07/CVE-2024-5631/

Scores

CVSS v4 7.5

EPSS 0.0061

EPSS Percentile 44.4%

CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-912

Status published

Products (2)

Longse Technology/LBH30FE200W

Zamel/ZMB-01/C

Published Jul 09, 2024

Tracked Since Feb 18, 2026