CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2022-31484 – User Account Deletion Unauthenticated
https://notcve.org/view.php?id=CVE-2022-31484
An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back. Un atacante no autenticado puede enviar un paquete de red especialmente diseñado para eliminar un usuario de la interfaz web. Esta vulnerabilidad afecta a los productos basados en los controladores inteligentes HID Mercury LP1501, LP1502, LP2500, LP4502 y EP4502 que contienen versiones de firmware anteriores a 1.29. • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 9.1EPSS: 0%CPEs: 28EXPL: 0CVE-2022-31483 – Arbitrary file write via authenticated OSDP file upload
https://notcve.org/view.php?id=CVE-2022-31483
An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges. Un atacante autenticado puede cargar un archivo con un nombre de archivo que incluya ".." y "/" para lograr la capacidad de cargar el archivo deseado en cualquier lugar del sistema de archivos. Esta vulnerabilidad afecta a los productos basados en los controladores inteligentes HID Mercury LP1501, LP1502, LP2500, LP4502 y EP4502 que contienen versiones de firmware anteriores a 1.271. • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2022-31482 – Denial-of-Service via internal structure overflow
https://notcve.org/view.php?id=CVE-2022-31482
An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless. • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0CVE-2022-31481 – Remote Code Execution via buffer overflow in firmware update process
https://notcve.org/view.php?id=CVE-2022-31481
An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the “normal” code execution to that of their choosing. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. Un atacante no autenticado puede enviar un archivo de actualización especialmente diseñado al dispositivo que puede desbordar un búfer. • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2022-31480 – Unauthenticated Firmware Upload and Arbitrary Reboot
https://notcve.org/view.php?id=CVE-2022-31480
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot. Un atacante no autenticado podría cargar arbitrariamente archivos de firmware en el dispositivo objetivo, causando en última instancia una denegación de servicio (DoS). Esta vulnerabilidad afecta a los productos basados en los controladores inteligentes HID Mercury LP1501, LP1502, LP2500, LP4502 y EP4502 que contienen versiones de firmware anteriores a 1.302 para la serie LP y 1.296 para la serie EP. • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-425: Direct Request ('Forced Browsing') •