CVE-2026-15680
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-134
Utilización de formatos de cadenas de control externo
Fecha de publicación:
13/07/2026
Última modificación:
14/07/2026
Descripción
*** Pendiente de traducción *** Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit this vulnerability.<br />
<br />
The specific flaw exists within the parsing of JSON requests in the sonia binary. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-25884.
Impacto
Puntuación base 3.x
7.50
Gravedad 3.x
ALTA



