Skip to main content

Lorex 2K Camera CVE-2026-15683

HIGH
Improper Certificate Validation (CWE-295)
2026-07-13 zdi
7.5
CVSS 3.0 · Vendor: zdi
Share

Severity by source

Vendor (zdi) PRIMARY
7.5 HIGH
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.5 HIGH

Adjacent MitM position needed (AV:A) and success depends on winning interception and chaining other bugs (AC:H); no auth or interaction, yielding root-level code execution (C/I/A:H).

3.1 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (zdi).

CVSS VectorVendor: zdi

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 13, 2026 - 22:09 vuln.today
CVE Published
Jul 13, 2026 - 21:30 cve.org
HIGH 7.5

DescriptionCVE.org

Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. User interaction is not required to exploit this vulnerability.

The specific flaw exists within the device management functionality. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-26851.

AnalysisAI

Remote code execution affects the Lorex 2K Indoor Wi-Fi Security Camera through improper TLS certificate validation in its device management server, allowing a network-adjacent attacker to impersonate the management server and, when chained with additional flaws, run code as root without any user interaction. The issue was reported through Trend Micro's Zero Day Initiative (ZDI-26-399, formerly ZDI-CAN-26851). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Gain access to camera's local network
Delivery
Establish MitM on management connection
Exploit
Present forged server certificate
Install
Camera accepts invalid certificate (CWE-295)
C2
Inject malicious management response
Execute
Chain with additional vulnerabilities
Impact
Execute arbitrary code as root

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to be network-adjacent (CVSS AV:A) - on the same local/Wi-Fi network segment as the camera - and to occupy a machine-in-the-middle position between the Lorex 2K Indoor Wi-Fi camera and its device management server. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.0 base score is 7.5 (High) with vector AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has gained access to the same Wi-Fi network as the camera (for example, a compromised IoT device, a guest on a shared network, or a nearby actor with wireless access) positions themselves as a machine-in-the-middle between the camera and its device management server. Because the camera does not validate the server certificate, the attacker presents a fraudulent certificate and impersonates the management server, then leverages this trusted channel together with additional vulnerabilities to deliver a payload that executes in the context of root. …
Remediation No vendor-released patch version is identified in the available data, so a specific firmware upgrade target cannot be cited; monitor Lorex's support/security page and the ZDI advisory (https://www.zerodayinitiative.com/advisories/ZDI-26-399/) for a patched firmware release and apply it as the primary fix once available. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all deployed Lorex 2K Indoor Wi-Fi cameras, document their network locations and management server endpoints, and isolate them to a dedicated VLAN with restricted egress to prevent lateral movement. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15683 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy