CVE-2022-31485
Last modified
CVE-2022-31485 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29.. EPSS estimates a 0.77% chance of exploitation in the next 30 days.
Description
An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hidglobal | Lp1501 Firmware | < 1.29 |
| Hidglobal | Lp1502 Firmware | < 1.29 |
| Hidglobal | Lp2500 Firmware | < 1.29 |
| Hidglobal | Lp4502 Firmware | < 1.29 |
| Hidglobal | Ep4502 Firmware | < 1.29 |
| Carrier | Lenels2 Lnl-4420 Firmware | < 1.29 |
| Carrier | Lenels2 Lnl-X2210 Firmware | < 1.29 |
| Carrier | Lenels2 Lnl-X2220 Firmware | < 1.29 |
| Carrier | Lenels2 Lnl-X3300 Firmware | < 1.29 |
| Carrier | Lenels2 Lnl-X4420 Firmware | < 1.29 |
| Carrier | Lenels2 S2-Lp-1501 Firmware | < 1.29 |
| Carrier | Lenels2 S2-Lp-1502 Firmware | < 1.29 |
| Carrier | Lenels2 S2-Lp-2500 Firmware | < 1.29 |
| Carrier | Lenels2 S2-Lp-4502 Firmware | < 1.29 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-31485?
How severe is CVE-2022-31485?
How do I fix CVE-2022-31485?
Are you affected by CVE-2022-31485?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST