Product: Ep4502_firmware (Hidglobal)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 8
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-06-06 | CVE-2022-31479 | An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this... | Lenels2_lnl\-4420_firmware, Lenels2_lnl\-X2210_firmware, Lenels2_lnl\-X2220_firmware, Lenels2_lnl\-X3300_firmware, Lenels2_lnl\-X4420_firmware, Lenels2_s2\-Lp\-1501_firmware, Lenels2_s2\-Lp\-1502_firmware, Lenels2_s2\-Lp\-2500_firmware, Lenels2_s2\-Lp\-4502_firmware, Ep4502_firmware, Lp1501_firmware, Lp1502_firmware, Lp2500_firmware, Lp4502_firmware | 9.8 | | |
| 2022-06-06 | CVE-2022-31480 | An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary; loading the firmware to the device ultimately triggers a reboot. | Lenels2_lnl\-4420_firmware, Lenels2_lnl\-X2210_firmware, Lenels2_lnl\-X2220_firmware, Lenels2_lnl\-X3300_firmware, Lenels2_lnl\-X4420_firmware, Lenels2_s2\-Lp\-1501_firmware, Lenels2_s2\-Lp\-1502_firmware, Lenels2_s2\-Lp\-2500_firmware, Lenels2_s2\-Lp\-4502_firmware, Ep4502_firmware, Lp1501_firmware, Lp1502_firmware, Lp2500_firmware, Lp4502_firmware | 7.5 | | |
| 2022-06-06 | CVE-2022-31481 | An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the “normal” code execution to that of their choosing. An attacker with this level of access on the device can... | Lenels2_lnl\-4420_firmware, Lenels2_lnl\-X2210_firmware, Lenels2_lnl\-X2220_firmware, Lenels2_lnl\-X3300_firmware, Lenels2_lnl\-X4420_firmware, Lenels2_s2\-Lp\-1501_firmware, Lenels2_s2\-Lp\-1502_firmware, Lenels2_s2\-Lp\-2500_firmware, Lenels2_s2\-Lp\-4502_firmware, Ep4502_firmware, Lp1501_firmware, Lp1502_firmware, Lp2500_firmware, Lp4502_firmware | 10.0 | | |
| 2022-06-06 | CVE-2022-31482 | An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to a segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker... | Lenels2_lnl\-4420_firmware, Lenels2_lnl\-X2210_firmware, Lenels2_lnl\-X2220_firmware, Lenels2_lnl\-X3300_firmware, Lenels2_lnl\-X4420_firmware, Lenels2_s2\-Lp\-1501_firmware, Lenels2_s2\-Lp\-1502_firmware, Lenels2_s2\-Lp\-2500_firmware, Lenels2_s2\-Lp\-4502_firmware, Ep4502_firmware, Lp1501_firmware, Lp1502_firmware, Lp2500_firmware, Lp4502_firmware | 7.5 | | |
| 2022-06-06 | CVE-2022-31483 | An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlying Linux operating system... | Lenels2_lnl\-4420_firmware, Lenels2_lnl\-X2210_firmware, Lenels2_lnl\-X2220_firmware, Lenels2_lnl\-X3300_firmware, Lenels2_lnl\-X4420_firmware, Lenels2_s2\-Lp\-1501_firmware, Lenels2_s2\-Lp\-1502_firmware, Lenels2_s2\-Lp\-2500_firmware, Lenels2_s2\-Lp\-4502_firmware, Ep4502_firmware, Lp1501_firmware, Lp1502_firmware, Lp2500_firmware, Lp4502_firmware | 8.8 | | |
| 2022-06-06 | CVE-2022-31484 | An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially require them to use the default user dip switch procedure to... | Lenels2_lnl\-4420_firmware, Lenels2_lnl\-X2210_firmware, Lenels2_lnl\-X2220_firmware, Lenels2_lnl\-X3300_firmware, Lenels2_lnl\-X4420_firmware, Lenels2_s2\-Lp\-1501_firmware, Lenels2_s2\-Lp\-1502_firmware, Lenels2_s2\-Lp\-2500_firmware, Lenels2_s2\-Lp\-4502_firmware, Ep4502_firmware, Lp1501_firmware, Lp1502_firmware, Lp2500_firmware, Lp4502_firmware | 7.5 | | |
| 2022-06-06 | CVE-2022-31485 | An unauthenticated attacker can send specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. | Lenels2_lnl\-4420_firmware, Lenels2_lnl\-X2210_firmware, Lenels2_lnl\-X2220_firmware, Lenels2_lnl\-X3300_firmware, Lenels2_lnl\-X4420_firmware, Lenels2_s2\-Lp\-1501_firmware, Lenels2_s2\-Lp\-1502_firmware, Lenels2_s2\-Lp\-2500_firmware, Lenels2_s2\-Lp\-4502_firmware, Ep4502_firmware, Lp1501_firmware, Lp1502_firmware, Lp2500_firmware, Lp4502_firmware | 5.3 | | |
| 2022-06-06 | CVE-2022-31486 | An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change... | Lenels2_lnl\-4420_firmware, Lenels2_lnl\-X2210_firmware, Lenels2_lnl\-X2220_firmware, Lenels2_lnl\-X3300_firmware, Lenels2_lnl\-X4420_firmware, Lenels2_s2\-Lp\-1501_firmware, Lenels2_s2\-Lp\-1502_firmware, Lenels2_s2\-Lp\-2500_firmware, Lenels2_s2\-Lp\-4502_firmware, Ep4502_firmware, Lp1501_firmware, Lp1502_firmware, Lp2500_firmware, Lp4502_firmware | 8.8 | | |