CVE-2022-31486
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable.
Affected (14)
Products: Hidglobal: Lp1501 Firmware, Lp1502 Firmware, Lp2500 Firmware, Lp4502 Firmware, Ep4502 Firmware · Carrier: Lenels2 Lnl 4420 Firmware, Lenels2 Lnl X2210 Firmware, Lenels2 Lnl X2220 Firmware, Lenels2 Lnl X3300 Firmware, Lenels2 Lnl X4420 Firmware, Lenels2 S2 Lp 1501 Firmware, Lenels2 S2 Lp 1502 Firmware, Lenels2 S2 Lp 2500 Firmware, Lenels2 S2 Lp 4502 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.303 |
| Running on/with | Platform Versions |
|---|---|
Hidglobal Lp1501 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.303 |
| Running on/with | Platform Versions |
|---|---|
Hidglobal Lp1502 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.303 |
| Running on/with | Platform Versions |
|---|---|
Hidglobal Lp2500 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.303 |
| Running on/with | Platform Versions |
|---|---|
Hidglobal Lp4502 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.297 |
| Running on/with | Platform Versions |
|---|---|
Hidglobal Ep4502 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.297 |
| Running on/with | Platform Versions |
|---|---|
Carrier Lenels2 Lnl 4420 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.303 |
| Running on/with | Platform Versions |
|---|---|
Carrier Lenels2 Lnl X2210 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.303 |
| Running on/with | Platform Versions |
|---|---|
Carrier Lenels2 Lnl X2220 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.303 |
| Running on/with | Platform Versions |
|---|---|
Carrier Lenels2 Lnl X3300 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.303 |
| Running on/with | Platform Versions |
|---|---|
Carrier Lenels2 Lnl X4420 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.303 |
| Running on/with | Platform Versions |
|---|---|
Carrier Lenels2 S2 Lp 1501 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.303 |
| Running on/with | Platform Versions |
|---|---|
Carrier Lenels2 S2 Lp 1502 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.303 |
| Running on/with | Platform Versions |
|---|---|
Carrier Lenels2 S2 Lp 2500 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.303 |
| Running on/with | Platform Versions |
|---|---|
Carrier Lenels2 S2 Lp 4502 | All versions |
References (2)
Source: productsecurity@carrier.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.