CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-23806 – HID Global Reader Configuration Cards Improper Authorization
https://notcve.org/view.php?id=CVE-2024-23806
07 Feb 2024 — Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys. Se pueden extraer datos confidenciales de las tarjetas de configuración del lector HID iCLASS SE. Esto podría incluir claves de administrador de dispositivos y credenciales. • https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02 • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2024-22388 – Insecure Default Initialization of Resource in HID Global
https://notcve.org/view.php?id=CVE-2024-22388
06 Feb 2024 — Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys. Cierta configuración disponible en el canal de comunicación para codificadores podría exponer datos confidenciales cuando se programan las tarjetas de configuración del lector. Estos datos podrían incluir claves de administración de dispositivos y credenciales. • https://support.hidglobal.com • CWE-285: Improper Authorization CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2904 – CVE-2023-2904
https://notcve.org/view.php?id=CVE-2023-2904
07 Jun 2023 — The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). An attacker could log in using account credentials available through a request generated by an internal user and then manipulate the visitor-id within the web API to access the personal data of other users. There is no limit on the number of requests that can be made to the HID SAFE Web Server, so an attacker could also exploit this... • https://www.cisa.gov/news-events/ics-advisories/icsa-23-152-02 • CWE-471: Modification of Assumed-Immutable Data (MAID) •
CVSS: 9.0EPSS: 0%CPEs: 28EXPL: 0CVE-2022-31486 – Command injection via Advanced Networking route add functionality
https://notcve.org/view.php?id=CVE-2022-31486
06 Jun 2022 — An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or... • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 28EXPL: 0CVE-2022-31485 – Unauthenticated homepage note modification
https://notcve.org/view.php?id=CVE-2022-31485
06 Jun 2022 — An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. Un atacante no autenticado puede enviar un paquete especialmente diseñado para actualizar la sección "notes" de la página de inicio de la interfaz web. Esta vulnerabilidad afecta a los productos basados en l... • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2022-31484 – User Account Deletion Unauthenticated
https://notcve.org/view.php?id=CVE-2022-31484
06 Jun 2022 — An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back.... • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 9.1EPSS: 0%CPEs: 28EXPL: 0CVE-2022-31483 – Arbitrary file write via authenticated OSDP file upload
https://notcve.org/view.php?id=CVE-2022-31483
06 Jun 2022 — An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privilege... • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2022-31482 – Denial-of-Service via internal structure overflow
https://notcve.org/view.php?id=CVE-2022-31482
06 Jun 2022 — An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this ... • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 1%CPEs: 28EXPL: 0CVE-2022-31481 – Remote Code Execution via buffer overflow in firmware update process
https://notcve.org/view.php?id=CVE-2022-31481
06 Jun 2022 — An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the “normal” code execution to that of their choosing. An attacker with this level of access on the device can monitor all com... • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0CVE-2022-31480 – Unauthenticated Firmware Upload and Arbitrary Reboot
https://notcve.org/view.php?id=CVE-2022-31480
06 Jun 2022 — An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot. Un atacante no autenticado... • https://www.corporate.carrier.com/product-security/advisories-resources • CWE-425: Direct Request ('Forced Browsing') •