Remote Attackers Can Access Sensitive Information via Firmware Update Process in LOREXPING
CVE-2024-48799

7.5HIGH

Key Information:

Vendor
CVE Published:
14 October 2024

What is CVE-2024-48799?

A security issue in Lorex Technology's Lorex Ping version 1.4.22 permits remote attackers to exploit the firmware update process. This vulnerability enables unauthorized access to sensitive information, potentially compromising user data and security. It is crucial for users of this product to assess their security posture and apply appropriate measures to mitigate the risks associated with this flaw.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.