Cyber Resilience

CVE-2024-51347

High

Published: 25 March 2026

Modified: 25 March 2026
KEV Added
Patch
CVSS Score v3.1: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0006 (18.6th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-51347 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 18.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-51347 is a buffer overflow vulnerability (CWE-120) affecting the dgiot binary in the LSC Smart Indoor IP Camera running firmware version V7.6.32. The issue arises in the ONVIF configuration interface during handling of the Time Zone (TZ) parameter, where the input length is not properly validated before being copied into a fixed-size buffer via the insecure strcpy function. This flaw has a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity with network accessibility and significant impacts on confidentiality, integrity, and availability.

An attacker with high privileges (PR:H) can exploit this vulnerability over the network with low complexity and no user interaction required. By sending a specially crafted TZ parameter to the ONVIF interface, the attacker triggers the buffer overflow, potentially leading to arbitrary code execution, data corruption, or denial of service on the affected device.

Details on the vulnerability, including proof-of-concept information, are available in the security research repository at https://github.com/victorGoeman/LSC-Indoor-Camera-Security-Research/blob/main/CVE-2024-51347.md and related resources. No official vendor patches or mitigation guidance are specified in the available information.

EU & UK References

Vulnerability details

A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone (TZ) parameter within the ONVIF configuration interface. The time zone (TZ) parameter does not have its length properly validated before being copied into a fixed-size buffer using the insecure strcpy function.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow in network-accessible ONVIF config interface directly enables remote code execution on a public-facing device service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2021-47854 (Shared CWE-120)
CVE-2024-39803 (Shared CWE-120)
CVE-2024-37184 (Shared CWE-120)
CVE-2025-66647 (Shared CWE-120)
CVE-2024-39750 (Shared CWE-120)
CVE-2025-52909 (Shared CWE-120)
CVE-2025-50398 (Shared CWE-120)
CVE-2025-25674 (Shared CWE-120)
CVE-2022-50922 (Shared CWE-120)
CVE-2024-57471 (Shared CWE-120)

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of the TZ parameter length before copying into fixed-size buffers, preventing the buffer overflow vulnerability.

prevent, recover

Mandates identification, reporting, correction, and verification of flaws like this buffer overflow in the dgiot binary, enabling patching of the vulnerable firmware.

prevent

Implements memory safeguards such as non-executable stacks and address randomization to mitigate exploitation of the buffer overflow for arbitrary code execution.
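
The length validation that the first control above calls for, sketched as an added example; it is not the vendor's code and not taken from the referenced research. The buffer size `TZ_BUF_LEN`, the function names and the character allow-list are assumptions, since the page does not give the real ones.

```c
#include <stdio.h>
#include <string.h>

#define TZ_BUF_LEN 32  /* hypothetical size; the page does not state the real one */

/* Pattern described in the advisory: no length check before strcpy. */
void set_tz_unsafe(char dst[TZ_BUF_LEN], const char *tz)
{
    strcpy(dst, tz);   /* writes past dst when strlen(tz) >= TZ_BUF_LEN */
}

/* Hardened form: reject (never truncate) a value that does not fit or that
 * contains bytes outside an assumed POSIX-TZ-style allow-list.
 * Returns 0 on success, -1 on rejection; dst is left untouched on -1. */
int set_tz_checked(char *dst, size_t dst_len, const char *tz)
{
    static const char allowed[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-:,./<>";
    const char *end;
    size_t n;

    if (dst == NULL || tz == NULL || dst_len == 0)
        return -1;
    end = memchr(tz, '\0', dst_len);   /* look for the NUL within dst_len bytes */
    if (end == NULL)                   /* value plus terminator would not fit */
        return -1;
    n = (size_t)(end - tz);
    if (n == 0 || strspn(tz, allowed) != n)  /* empty, or unexpected byte */
        return -1;
    memcpy(dst, tz, n + 1);            /* length already proven to fit */
    return 0;
}

int main(void)
{
    char tz[TZ_BUF_LEN] = "UTC0";
    /* Constructed inputs: one valid POSIX TZ string, one oversized value. */
    const char *ok = "CET-1CEST,M3.5.0,M10.5.0/3";
    char big[128];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("valid:     %d -> %s\n", set_tz_checked(tz, sizeof tz, ok), tz);
    printf("oversized: %d -> %s\n", set_tz_checked(tz, sizeof tz, big), tz);
    return 0;
}
```

Rejecting an oversized value outright, instead of silently truncating it, keeps the stored time zone in a known-good state and gives the caller an error it can log.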

References