Remote Code Execution Flaw in Lorex 2K Indoor Wi-Fi Security Camera
CVE-2026-15680
7.5HIGH
What is CVE-2026-15680?
The Lorex 2K Indoor Wi-Fi Security Camera is susceptible to a format string vulnerability within the parsing of JSON requests in its sonia binary. This flaw allows network-adjacent attackers to exploit the camera and remotely execute arbitrary code without requiring authentication. The lack of proper validation for user-supplied strings utilized as format specifiers makes this vulnerability particularly dangerous, as it enables exploitation in the context of root privileges, posing significant security risks to users.
Affected Version(s)
2K Indoor Wi-Fi Security Camera 2.800.020000000.3.R.20220331
