CVE-2024-52545
📋 TL;DR
An unauthenticated attacker can exploit an out-of-bounds heap read vulnerability in the IQ Service (TCP port 9876) on Lorex 2K Indoor Wi-Fi Security Cameras. This allows reading memory contents without authentication, potentially exposing sensitive information. All users with affected camera models running vulnerable firmware are impacted.
💻 Affected Systems
- Lorex 2K Indoor Wi-Fi Security Camera
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Information disclosure leading to credential theft, device compromise, or lateral movement within the network.
Likely Case
Memory leak exposing device information, configuration data, or partial credentials.
If Mitigated
Limited information exposure with no direct code execution path.
🎯 Exploit Status
Public exploit code is available on GitHub. The vulnerability requires no authentication and has straightforward exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.800.0000000.8.R.20241111
Vendor Advisory: https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/
Restart Required: Yes
Instructions:
1. Log into the camera's web interface. 2. Navigate to firmware update section. 3. Upload firmware version 2.800.0000000.8.R.20241111. 4. Apply the update and restart the camera.
🔧 Temporary Workarounds
Block IQ Service Port
linuxBlock access to TCP port 9876 at network perimeter or host firewall
iptables -A INPUT -p tcp --dport 9876 -j DROP
Network Segmentation
allIsolate cameras on separate VLAN without internet access
🧯 If You Can't Patch
- Implement strict network segmentation to isolate cameras from untrusted networks
- Deploy intrusion detection rules to monitor for exploitation attempts on port 9876
🔍 How to Verify
Check if Vulnerable:
Check if TCP port 9876 is open and accessible. Test with the public exploit PoC if in a controlled environment.Check Version:
Check camera web interface under Settings > System > Firmware VersionVerify Fix Applied:
Verify firmware version is 2.800.0000000.8.R.20241111 or later. Test that port 9876 no longer responds to exploitation attempts.📡 Detection & Monitoring
Log Indicators:
- Unusual connections to TCP port 9876
- Memory access errors in system logs
Network Indicators:
- Traffic to/from port 9876 from unexpected sources
- Patterns matching exploit payloads
SIEM Query:
source_port=9876 OR dest_port=9876 | stats count by src_ip, dest_ip