Format string error in 2K Indoor Wi-Fi Security Camera - #VU137225
Published: July 9, 2026
2K Indoor Wi-Fi Security Camera
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a format string error in the CDeviceOperator function within the parsing of JSON requests in the sonia binary. A remote attacker on the local network can supply a specially crafted input that contains format string specifiers and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.