Improper Certificate Validation in Lorex 2K Indoor Wi-Fi Security Cameras
CVE-2026-15683

7.5HIGH

Key Information:

Vendor

Lorex

Vendor
CVE Published:
13 July 2026

What is CVE-2026-15683?

The Lorex 2K Indoor Wi-Fi Security Camera is susceptible to an improper certificate validation vulnerability within its device management functionality. This flaw allows network-adjacent attackers to execute arbitrary code without requiring user interaction. By exploiting the lack of proper validation of the certificate provided by the server, an attacker could take control of the device and execute malicious code in the context of root, potentially leading to significant security breaches. This makes it critical for users to be aware of this vulnerability and take necessary precautions.

Affected Version(s)

2K Indoor Wi-Fi Security Camera 2.800.020000000.3.R.20220331

References

CVSS V3.0

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.