Lorex 2K Camera CVE-2026-15683
HIGHSeverity by source
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Adjacent MitM position needed (AV:A) and success depends on winning interception and chaining other bugs (AC:H); no auth or interaction, yielding root-level code execution (C/I/A:H).
Primary rating from Vendor (zdi).
CVSS VectorVendor: zdi
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. User interaction is not required to exploit this vulnerability.
The specific flaw exists within the device management functionality. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-26851.
AnalysisAI
Remote code execution affects the Lorex 2K Indoor Wi-Fi Security Camera through improper TLS certificate validation in its device management server, allowing a network-adjacent attacker to impersonate the management server and, when chained with additional flaws, run code as root without any user interaction. The issue was reported through Trend Micro's Zero Day Initiative (ZDI-26-399, formerly ZDI-CAN-26851). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to be network-adjacent (CVSS AV:A) - on the same local/Wi-Fi network segment as the camera - and to occupy a machine-in-the-middle position between the Lorex 2K Indoor Wi-Fi camera and its device management server. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.0 base score is 7.5 (High) with vector AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has gained access to the same Wi-Fi network as the camera (for example, a compromised IoT device, a guest on a shared network, or a nearby actor with wireless access) positions themselves as a machine-in-the-middle between the camera and its device management server. Because the camera does not validate the server certificate, the attacker presents a fraudulent certificate and impersonates the management server, then leverages this trusted channel together with additional vulnerabilities to deliver a payload that executes in the context of root. … |
| Remediation | No vendor-released patch version is identified in the available data, so a specific firmware upgrade target cannot be cited; monitor Lorex's support/security page and the ZDI advisory (https://www.zerodayinitiative.com/advisories/ZDI-26-399/) for a patched firmware release and apply it as the primary fix once available. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all deployed Lorex 2K Indoor Wi-Fi cameras, document their network locations and management server endpoints, and isolate them to a dedicated VLAN with restricted egress to prevent lateral movement. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-295 – Improper Certificate Validation
View allShare
External POC / Exploit Code
Leaving vuln.today