Back to overview

CVE-2026-15683

HIGH
7.5
CVSS 3.0
Description
Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. User interaction is not required to exploit this vulnerability. The specific flaw exists within the device management functionality. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-26851.

Metadata

CVE ID
CVE-2026-15683
State
PUBLISHED
Assigner
zdi
Reserved
2026-07-13 21:29 UTC
Published
2026-07-13 21:30 UTC
Last updated
2026-07-13 21:30 UTC
Primary CWE
CWE-295
CWE-295: Improper Certificate Validation
Vendor / Product
Lorex / 2K Indoor Wi-Fi Security Camera
Sources
cve.org  ·  NVD

Severity & Metrics

7.5 HIGH CVSS 3.0
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products (1)
VendorProductPlatformVersions
Lorex 2K Indoor Wi-Fi Security Camera 2.800.020000000.3.R.20220331
Weakness (CWE)
CWESourceDescription
CWE-295 cna CWE-295: Improper Certificate Validation
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.5 HIGH 3.0 cna CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Back to overview