New whitepaper and exploit code from @stephenfewer on 5 new vulnerabilities he chained to achieve unauthenticated RCE on Lorex 2K Indoor Wi-Fi security cameras. The exploit works in two phases and comprises an auth bypass, a stack-based buffer overflow, an out-of-bounds heap read, and a null pointer dereference — and that's just to start (because it was, like, Tuesday for Stephen or whatever) 📈

Whitepaper: https://www.rapid7.com/globalassets/_pdfs/research/pwn2own-iot-2024-lorex-2k-indoor-wi-fi-security-camera-research.pdf

Exploit: https://github.com/sfewer-r7/LorexExploit