CVE-2024-51347

A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone (TZ) parameter within the ONVIF configuration interface. The time zone (TZ) parameter does not have its length properly validated before being copied into a fixed-size buffer using the insecure strcpy function.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/victorGoeman/LSC-Indoor-Camera-Security-Research/blob/main/CVE-2024-51347.md
https://github.com/victorGoeman/LSC-Indoor-Camera-Security-Research/tree/main
https://github.com/victorGoeman/LSC-Indoor-Camera-Security-Research/blob/main/CVE-2024-51347.md

Configurations

No configuration.

History

17 Jun 2026, 08:05

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de desbordamiento de búfer en el binario dgiot en LSC Smart Indoor IP Camera V7.6.32. La falla existe en el manejo del parámetro de Zona Horaria (TZ) dentro de la interfaz de configuración ONVIF. El parámetro de zona horaria (TZ) no tiene su longitud correctamente validada antes de ser copiado en un búfer de tamaño fijo utilizando la función strcpy insegura.

25 Mar 2026, 18:16

Type	Values Removed	Values Added
References	~~() https://github.com/victorGoeman/LSC-Indoor-Camera-Security-Research/blob/main/CVE-2024-51347.md -~~	() https://github.com/victorGoeman/LSC-Indoor-Camera-Security-Research/blob/main/CVE-2024-51347.md -
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.2
CWE		CWE-120

25 Mar 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-25 14:16

Updated : 2026-06-17 08:05

NVD link : CVE-2024-51347

Mitre link : CVE-2024-51347

CVE.ORG link : CVE-2024-51347

JSON object : View

Products Affected

No product.

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2024-51347", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-51347", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-03-25T17:41:18.931017Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "affected": [{"source": "cve@mitre.org", "affectedData": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}]}], "published": "2026-03-25T14:16:29.097", "references": [{"url": "https://github.com/victorGoeman/LSC-Indoor-Camera-Security-Research/blob/main/CVE-2024-51347.md", "source": "cve@mitre.org"}, {"url": "https://github.com/victorGoeman/LSC-Indoor-Camera-Security-Research/tree/main", "source": "cve@mitre.org"}, {"url": "https://github.com/victorGoeman/LSC-Indoor-Camera-Security-Research/blob/main/CVE-2024-51347.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone (TZ) parameter within the ONVIF configuration interface. The time zone (TZ) parameter does not have its length properly validated before being copied into a fixed-size buffer using the insecure strcpy function."}, {"lang": "es", "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en el binario dgiot en LSC Smart Indoor IP Camera V7.6.32. La falla existe en el manejo del par\u00e1metro de Zona Horaria (TZ) dentro de la interfaz de configuraci\u00f3n ONVIF. El par\u00e1metro de zona horaria (TZ) no tiene su longitud correctamente validada antes de ser copiado en un b\u00fafer de tama\u00f1o fijo utilizando la funci\u00f3n strcpy insegura."}], "lastModified": "2026-06-17T08:05:37.477", "sourceIdentifier": "cve@mitre.org"}