CVE-2024-52548

An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/sfewer-r7/LorexExploit
https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Un atacante que puede ejecutar comandos arbitrarios de sistemas operativos, puede eludir las exigencias de firma de código en el núcleo y ejecutar código nativo arbitrario. Esta vulnerabilidad se ha resuelto en la versión de firmware 2.800.0000000.8.R.20241111.

03 Dec 2024, 22:15

Type	Values Removed	Values Added
References		() https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/ -

03 Dec 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-03 18:15

Updated : 2026-06-17 08:07

NVD link : CVE-2024-52548

Mitre link : CVE-2024-52548

CVE.ORG link : CVE-2024-52548

JSON object : View

Products Affected

No product.

CWE

CWE-345

Insufficient Verification of Data Authenticity

{"id": "CVE-2024-52548", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2024-52548", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2024-12-03T18:28:51.593704Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "cve@rapid7.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "affected": [{"source": "cve@rapid7.com", "affectedData": [{"vendor": "Lorex", "product": "2K Indoor Wi-Fi Security Camera", "versions": [{"status": "affected", "version": "0", "lessThan": "2.800.0000000.8.R.20241111", "versionType": "custom"}], "defaultStatus": "unaffected"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "affectedData": [{"cpes": ["cpe:2.3:o:lorextechnology:w461asc-e_firmware:-:*:*:*:*:*:*:*"], "vendor": "lorextechnology", "product": "w461asc-e_firmware", "versions": [{"status": "affected", "version": "0", "lessThan": "2.800.0000000.8.r.20241111", "versionType": "custom"}], "defaultStatus": "unknown"}]}], "published": "2024-12-03T18:15:16.023", "references": [{"url": "https://github.com/sfewer-r7/LorexExploit", "source": "cve@rapid7.com"}, {"url": "https://www.rapid7.com/blog/post/2024/12/03/lorex-2k-indoor-wi-fi-security-camera-multiple-vulnerabilities-fixed/", "source": "cve@rapid7.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cve@rapid7.com", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111."}, {"lang": "es", "value": " Un atacante que puede ejecutar comandos arbitrarios de sistemas operativos, puede eludir las exigencias de firma de c\u00f3digo en el n\u00facleo y ejecutar c\u00f3digo nativo arbitrario. Esta vulnerabilidad se ha resuelto en la versi\u00f3n de firmware 2.800.0000000.8.R.20241111."}], "lastModified": "2026-06-17T08:07:26.067", "sourceIdentifier": "cve@rapid7.com"}