{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-52544", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "state": "PUBLISHED", "assignerShortName": "rapid7", "dateReserved": "2024-11-12T13:42:42.323Z", "datePublished": "2024-12-03T17:18:17.023Z", "dateUpdated": "2025-09-05T08:31:44.927Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "2K Indoor Wi-Fi Security Camera", "vendor": "Lorex", "versions": [{"lessThan": "2.800.0000000.8.R.20241111", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2024-12-03T17:15:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.<br>"}], "value": "An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2025-09-05T08:31:44.927Z"}, "references": [{"tags": ["exploit"], "url": "https://github.com/sfewer-r7/LorexExploit"}, {"tags": ["third-party-advisory"], "url": "https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/"}], "source": {"discovery": "UNKNOWN"}, "title": "Lorex 2K Indoor Wi-Fi Security Camera - Stack buffer overflow", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-52544", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-03T18:40:26.814991Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:lorextechnology:w461asc-e_firmware:-:*:*:*:*:*:*:*"], "vendor": "lorextechnology", "product": "w461asc-e_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "2.800.0000000.8.r.20241111", "versionType": "custom"}], "defaultStatus": "unknown"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-03T18:45:12.321Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-52544", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-03T18:40:26.814991Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:lorextechnology:w461asc-e_firmware:-:*:*:*:*:*:*:*"], "vendor": "lorextechnology", "product": "w461asc-e_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "2.800.0000000.8.r.20241111", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-03T18:38:52.091Z"}}], "cna": {"title": "Lorex 2K Indoor Wi-Fi Security Camera - Stack buffer overflow", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Lorex", "product": "2K Indoor Wi-Fi Security Camera", "versions": [{"status": "affected", "version": "0", "lessThan": "2.800.0000000.8.R.20241111", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2024-12-03T17:15:00.000Z", "references": [{"url": "https://github.com/sfewer-r7/LorexExploit", "tags": ["exploit"]}, {"url": "https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.", "supportingMedia": [{"type": "text/html", "value": "An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2025-09-05T08:31:44.927Z"}}}, "cveMetadata": {"cveId": "CVE-2024-52544", "state": "PUBLISHED", "dateUpdated": "2025-09-05T08:31:44.927Z", "dateReserved": "2024-11-12T13:42:42.323Z", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "datePublished": "2024-12-03T17:18:17.023Z", "assignerShortName": "rapid7"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111."}, {"lang": "es", "value": "Un atacante no autenticado puede provocar un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el servicio DP (puerto TCP 3500). Esta vulnerabilidad se ha resuelto en la versi\u00f3n de firmware 2.800.0000000.8.R.20241111."}], "id": "CVE-2024-52544", "lastModified": "2025-09-05T09:15:31.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cve@rapid7.com", "type": "Secondary"}]}, "published": "2024-12-03T18:15:15.327", "references": [{"source": "cve@rapid7.com", "url": "https://github.com/sfewer-r7/LorexExploit"}, {"source": "cve@rapid7.com", "url": "https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "cve@rapid7.com", "type": "Secondary"}]}

{}

{}