Carrier

Lenels2 S2-lp-1501 Firmware

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-31480

  • EPSS 0.37%
  • Veröffentlicht 06.06.2022 17:15:11
  • Zuletzt bearbeitet 21.11.2024 07:04:32

An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, a...

10

CVE-2022-31481

  • EPSS 1.24%
  • Veröffentlicht 06.06.2022 17:15:11
  • Zuletzt bearbeitet 21.11.2024 07:04:32

An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain f...

7.8

CVE-2022-31482

  • EPSS 0.51%
  • Veröffentlicht 06.06.2022 17:15:11
  • Zuletzt bearbeitet 21.11.2024 07:04:33

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP450...

9

CVE-2022-31483

  • EPSS 0.62%
  • Veröffentlicht 06.06.2022 17:15:11
  • Zuletzt bearbeitet 21.11.2024 07:04:33

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, ...

7.5

CVE-2022-31484

  • EPSS 0.45%
  • Veröffentlicht 06.06.2022 17:15:11
  • Zuletzt bearbeitet 21.11.2024 07:04:33

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain...

5.3

CVE-2022-31485

  • EPSS 0.15%
  • Veröffentlicht 06.06.2022 17:15:11
  • Zuletzt bearbeitet 21.11.2024 07:04:33

An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and...

9

CVE-2022-31486

  • EPSS 0.98%
  • Veröffentlicht 06.06.2022 17:15:11
  • Zuletzt bearbeitet 21.11.2024 07:04:33

An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP450...

10

CVE-2022-31479

  • EPSS 9.07%
  • Veröffentlicht 06.06.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 07:04:32

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers L...