CVE-2026-15683 is a HIGH severity vulnerability in Lorex 2K Indoor Wi-Fi Security Cameras. The vulnerability exists within the device management functionality and allows network-adjacent attackers to execute arbitrary code. User interaction is not required to exploit this vulnerability. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverag [truncated]
The CVE record describes a vulnerability in Lorex 2K Indoor Wi-Fi Security Cameras, allowing network-adjacent attackers to execute arbitrary code. The flaw exists within the parsing of JSON requests in the sonia binary, resulting from the lack of proper validation of a user-supplied string before using it as a format specifier. This vulnerability has a CVSS score of 7.5 and is considered HIGH severity. Th [truncated]