PatchSiren

Lorex CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Lorex CVE published 2026-07-13

CVE-2026-15683

CVE-2026-15683 is a HIGH severity vulnerability in Lorex 2K Indoor Wi-Fi Security Cameras. The vulnerability exists within the device management functionality and allows network-adjacent attackers to execute arbitrary code. User interaction is not required to exploit this vulnerability. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverag [truncated]

HIGH Lorex CVE published 2026-07-13

CVE-2026-15680

The CVE record describes a vulnerability in Lorex 2K Indoor Wi-Fi Security Cameras, allowing network-adjacent attackers to execute arbitrary code. The flaw exists within the parsing of JSON requests in the sonia binary, resulting from the lack of proper validation of a user-supplied string before using it as a format specifier. This vulnerability has a CVSS score of 7.5 and is considered HIGH severity. Th [truncated]