Summaryinfo

A vulnerability, which was classified as problematic, was found in LOREX com.lorexcorp.lorexping 1.4.22. Affected is an unknown function of the component Firmware Update Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-48799. It is possible to launch the attack remotely. There is no exploit available. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in LOREX com.lorexcorp.lorexping 1.4.22. This issue affects some unknown functionality of the component Firmware Update Handler. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality. The summary by CVE is:

An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process.

The identification of this vulnerability is CVE-2024-48799 since 10/08/2024. The exploitation is known to be easy. The attack may be initiated remotely. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1592 for this issue.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Vendor

• LOREX

Name

• com.lorexcorp.lorexping

Version

• 1.4.22

CPE 2.3info

• 🔒

CPE 2.2info

• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion