CVE-2024-52547
📋 TL;DR
An authenticated attacker can exploit a stack-based buffer overflow in the DHIP Service on TCP port 80 of affected Lorex security cameras. This could allow remote code execution or denial of service. Users of vulnerable Lorex 2K Indoor Wi-Fi Security Camera firmware versions are affected.
💻 Affected Systems
- Lorex 2K Indoor Wi-Fi Security Camera
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with authenticated attacker privileges, potentially leading to full device compromise, lateral movement, or persistent backdoor installation.
Likely Case
Denial of service causing camera malfunction or crash, potentially disrupting security monitoring.
If Mitigated
Limited impact if network segmentation prevents access to camera management interfaces from untrusted networks.
🎯 Exploit Status
Exploit code is publicly available on GitHub. Requires authentication to the camera's web interface or DHIP service.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.800.0000000.8.R.20241111
Vendor Advisory: https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/
Restart Required: Yes
Instructions:
1. Log into camera web interface. 2. Navigate to firmware update section. 3. Upload firmware version 2.800.0000000.8.R.20241111. 4. Apply update and wait for camera to reboot.
🔧 Temporary Workarounds
Network Segmentation
allIsolate cameras on separate VLAN without internet access.
Access Control
allRestrict access to camera management interfaces to trusted IP addresses only.
🧯 If You Can't Patch
- Segment cameras on isolated network without internet access.
- Implement strict firewall rules blocking all external access to TCP port 80 on cameras.
🔍 How to Verify
Check if Vulnerable:
Check current firmware version via camera web interface or by attempting to connect to TCP port 80 and examining service banner.Check Version:
curl -s http://[CAMERA_IP]/cgi-bin/getSystemInfo | grep FirmwareVersionVerify Fix Applied:
Confirm firmware version shows 2.800.0000000.8.R.20241111 or later in camera settings.📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts to camera web interface
- DHIP service crash logs
- Multiple failed buffer overflow attempts in system logs
Network Indicators:
- Unusual traffic patterns to camera port 80
- Malformed packets to DHIP service
SIEM Query:
source="camera_logs" AND (event="authentication_failure" OR event="service_crash")