CVE-2024-52546

An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/sfewer-r7/LorexExploit
https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Un atacante no autenticado puede realizar una desreferencia de puntero nulo en el servicio DHIP (puerto UDP 37810). Esta vulnerabilidad se ha resuelto en la versión de firmware 2.800.0000000.8.R.20241111.

03 Dec 2024, 21:15

Type	Values Removed	Values Added
References		() https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/ -

03 Dec 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-03 18:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-52546

Mitre link : CVE-2024-52546

CVE.ORG link : CVE-2024-52546

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

5.3 /10