{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-52547", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "state": "PUBLISHED", "assignerShortName": "rapid7", "dateReserved": "2024-11-12T13:42:42.324Z", "datePublished": "2024-12-03T17:25:31.962Z", "dateUpdated": "2025-09-05T08:31:14.731Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "2K Indoor Wi-Fi Security Camera", "vendor": "Lorex", "versions": [{"lessThan": "2.800.0000000.8.R.20241111", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2024-12-03T17:25:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.<br>"}], "value": "An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2025-09-05T08:31:14.731Z"}, "references": [{"tags": ["exploit"], "url": "https://github.com/sfewer-r7/LorexExploit"}, {"tags": ["third-party-advisory"], "url": "https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/"}], "source": {"discovery": "UNKNOWN"}, "title": "Lorex 2K Indoor Wi-Fi Security Camera - Stack buffer overflow", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-52547", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-03T18:40:08.377751Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:lorextechnology:w461asc-e_firmware:-:*:*:*:*:*:*:*"], "vendor": "lorextechnology", "product": "w461asc-e_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "2.800.0000000.8.r.20241111", "versionType": "custom"}], "defaultStatus": "unknown"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-03T18:45:12.896Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-52547", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-12-03T18:40:08.377751Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:lorextechnology:w461asc-e_firmware:-:*:*:*:*:*:*:*"], "vendor": "lorextechnology", "product": "w461asc-e_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "2.800.0000000.8.r.20241111", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-03T18:38:55.721Z"}}], "cna": {"title": "Lorex 2K Indoor Wi-Fi Security Camera - Stack buffer overflow", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Lorex", "product": "2K Indoor Wi-Fi Security Camera", "versions": [{"status": "affected", "version": "0", "lessThan": "2.800.0000000.8.R.20241111", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2024-12-03T17:25:00.000Z", "references": [{"url": "https://github.com/sfewer-r7/LorexExploit", "tags": ["exploit"]}, {"url": "https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.", "supportingMedia": [{"type": "text/html", "value": "An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2025-09-05T08:31:14.731Z"}}}, "cveMetadata": {"cveId": "CVE-2024-52547", "state": "PUBLISHED", "dateUpdated": "2025-09-05T08:31:14.731Z", "dateReserved": "2024-11-12T13:42:42.324Z", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "datePublished": "2024-12-03T17:25:31.962Z", "assignerShortName": "rapid7"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111."}, {"lang": "es", "value": " Un atacante autenticado puede provocar un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en el servicio DHIP (puerto TCP 80). Esta vulnerabilidad se ha resuelto en la versi\u00f3n de firmware 2.800.0000000.8.R.20241111."}], "id": "CVE-2024-52547", "lastModified": "2025-09-05T09:15:31.597", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "cve@rapid7.com", "type": "Secondary"}]}, "published": "2024-12-03T18:15:15.860", "references": [{"source": "cve@rapid7.com", "url": "https://github.com/sfewer-r7/LorexExploit"}, {"source": "cve@rapid7.com", "url": "https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "cve@rapid7.com", "type": "Secondary"}]}

{}