CVE-2024-52544

An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/sfewer-r7/LorexExploit
https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/

Configurations

No configuration.

History

05 Sep 2025, 09:15

Type	Values Removed	Values Added
CWE	~~CWE-787~~	CWE-121
Summary		(es) Un atacante no autenticado puede provocar un desbordamiento de búfer en la región stack de la memoria en el servicio DP (puerto TCP 3500). Esta vulnerabilidad se ha resuelto en la versión de firmware 2.800.0000000.8.R.20241111.

03 Dec 2024, 21:15

Type	Values Removed	Values Added
References		() https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/ -

03 Dec 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-03 18:15

Updated : 2025-09-05 09:15

NVD link : CVE-2024-52544

Mitre link : CVE-2024-52544

CVE.ORG link : CVE-2024-52544

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

9.8 /10