CVE-2022-31480

Published: Jun 6, 2022

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot.

Vendor	Product	Versions
LenelS2	LNL-X2210	affected `ALL - < 1.302`
LenelS2	LNL-X2220	affected `ALL - < 1.302`
LenelS2	LNL-X3300	affected `ALL - < 1.302`
LenelS2	LNL-X4420	affected `ALL - < 1.302`
LenelS2	LNL-4420	affected `ALL - < 1.296`
LenelS2	S2-LP-1501	affected `ALL - < 1.302`
LenelS2	S2-LP-1502	affected `ALL - < 1.302`
LenelS2	S2-LP-2500	affected `ALL - < 1.302`
LenelS2	S2-LP-4502	affected `ALL - < 1.302`
HID Mercury	LP1501	affected `ALL - < 1.302`
HID Mercury	LP1502	affected `ALL - < 1.302`
HID Mercury	LP2500	affected `ALL - < 1.302`
HID Mercury	LP4502	affected `ALL - < 1.302`
HID Mercury	EP4502	affected `ALL - < 1.296`

Weaknesses (CWE)

CWE-425

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://www.corporate.carrier.com/product-security/advisories-resources/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-31480

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References