Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

ZDI-26-398: (0Day) (Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability

0
Critical
Exploitremote
Published: 07/08/2026 (07/08/2026, 05:00:00 UTC)
Source: Zero Day Initiative

Description

A format string vulnerability in the Lorex 2K Indoor Wi-Fi Security Camera allows network-adjacent attackers to execute arbitrary code without authentication. The flaw is in the sonia binary's JSON request parsing, where user-supplied strings are improperly validated before use as format specifiers. Exploitation can lead to code execution with root privileges. No patch is currently available, and mitigation involves restricting interaction with the device.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/09/2026, 11:10:47 UTC

Technical Analysis

The Lorex 2K Indoor Wi-Fi Security Camera contains a format string vulnerability in the sonia binary's JSON request parsing component. This vulnerability arises from insufficient validation of user-supplied strings used as format specifiers, enabling remote code execution at root privilege level. The vulnerability can be exploited by network-adjacent attackers without requiring authentication. The Zero Day Initiative assigned a CVSS score of 7.5 and disclosed the vulnerability publicly on July 8, 2026. The vendor has acknowledged the issue and is working on a fix, but as of the advisory date, no official patch has been released. The primary mitigation recommended is to restrict interaction with the affected device until a fix is available.

Potential Impact

Successful exploitation allows an unauthenticated, network-adjacent attacker to execute arbitrary code with root privileges on the affected Lorex 2K Indoor Wi-Fi Security Camera. This compromises confidentiality, integrity, and availability of the device, potentially enabling full device takeover.

Mitigation Recommendations

No official patch or fix is currently available. The vendor is working on a remediation. Until a patch is released, the only effective mitigation is to restrict network access and interaction with the affected device to trusted entities only. Monitor the vendor advisory for updates regarding patch availability.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Article Source
{"url":"http://www.zerodayinitiative.com/advisories/ZDI-26-398/","fetched":true,"fetchedAt":"2026-07-09T11:08:34.398Z","wordCount":270}

Threat ID: 6a4f818768715ace4335a9bc

Added to database: 07/09/2026, 11:09:59 UTC

Last enriched: 07/09/2026, 11:10:47 UTC

Last updated: 07/10/2026, 01:09:18 UTC

Views: 24

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses