CVE-2024-52545

EUVD-2024-46142
An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
lorextechnologyw461asc-e_firmware
𝑥
< 2.800.0000000.8.r.20241111
ADP
Common Weakness Enumeration
References
https://github.com/sfewer-r7/LorexExploit
https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/