CVE-2022-31485

Published: Jun 6, 2022

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29.

Vendor	Product	Versions
LenelS2	LNL-X2210	affected `ALL - < 1.29`
LenelS2	LNL-X2220	affected `ALL - < 1.29`
LenelS2	LNL-X3300	affected `ALL - < 1.29`
LenelS2	LNL-X4420	affected `ALL - < 1.29`
LenelS2	LNL-4420	affected `ALL - < 1.29`
LenelS2	S2-LP-1501	affected `ALL - < 1.29`
LenelS2	S2-LP-1502	affected `ALL - < 1.29`
LenelS2	S2-LP-2500	affected `ALL - < 1.29`
LenelS2	S2-LP-4502	affected `ALL - < 1.29`
HID Mercury	LP1501	affected `ALL - < 1.29`
HID Mercury	LP1502	affected `ALL - < 1.29`
HID Mercury	LP2500	affected `ALL - < 1.29`
HID Mercury	LP4502	affected `ALL - < 1.29`
HID Mercury	EP4502	affected `ALL - < 1.29`

Weaknesses (CWE)

CWE-425

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://www.corporate.carrier.com/product-security/advisories-resources/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-31485

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References