Remote Code Execution Flaw in Lorex 2K Indoor Wi-Fi Security Camera
CVE-2026-15680

7.5HIGH

Key Information:

Vendor

Lorex

Vendor
CVE Published:
13 July 2026

What is CVE-2026-15680?

The Lorex 2K Indoor Wi-Fi Security Camera is susceptible to a format string vulnerability within the parsing of JSON requests in its sonia binary. This flaw allows network-adjacent attackers to exploit the camera and remotely execute arbitrary code without requiring authentication. The lack of proper validation for user-supplied strings utilized as format specifiers makes this vulnerability particularly dangerous, as it enables exploitation in the context of root privileges, posing significant security risks to users.

Affected Version(s)

2K Indoor Wi-Fi Security Camera 2.800.020000000.3.R.20220331

References

CVSS V3.0

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.