Lucene search

[email protected]NVD:CVE-2022-31482

HistoryJun 06, 2022 - 5:15 p.m.

CVE-2022-31482

2022-06-0617:15:11

CWE-120

[email protected]

web.nvd.nist.gov

unauthenticated

buffer overflow

hid mercury controllers

firmware vulnerability

denial-of-service

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

40.4%

JSON

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless.

Affected configurations

Nvd

Node

hidgloballp1501_firmwareRange<1.29

AND

hidgloballp1501Match-

Node

hidgloballp1502_firmwareRange<1.29

AND

hidgloballp1502Match-

Node

hidgloballp2500_firmwareRange<1.29

AND

hidgloballp2500Match-

Node

hidgloballp4502_firmwareRange<1.29

AND

hidgloballp4502Match-

Node

hidglobalep4502_firmwareRange<1.29

AND

hidglobalep4502Match-

Node

carrierlenels2_lnl-4420_firmwareRange<1.29

AND

carrierlenels2_lnl-4420Match-

Node

carrierlenels2_lnl-x2210_firmwareRange<1.29

AND

carrierlenels2_lnl-x2210Match-

Node

carrierlenels2_lnl-x2220_firmwareRange<1.29

AND

carrierlenels2_lnl-x2220Match-

Node

carrierlenels2_lnl-x3300_firmwareRange<1.29

AND

carrierlenels2_lnl-x3300Match-

Node

carrierlenels2_lnl-x4420_firmwareRange<1.29

AND

carrierlenels2_lnl-x4420Match-

Node

carrierlenels2_s2-lp-1501_firmwareRange<1.29

AND

carrierlenels2_s2-lp-1501Match-

Node

carrierlenels2_s2-lp-1502_firmwareRange<1.29

AND

carrierlenels2_s2-lp-1502Match-

Node

carrierlenels2_s2-lp-2500_firmwareRange<1.29

AND

carrierlenels2_s2-lp-2500Match-

Node

carrierlenels2_s2-lp-4502_firmwareRange<1.29

AND

carrierlenels2_s2-lp-4502Match-

VendorProductVersionCPE
hidgloballp1501_firmware*cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*
hidgloballp1501-cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*
hidgloballp1502_firmware*cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*
hidgloballp1502-cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*
hidgloballp2500_firmware*cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*
hidgloballp2500-cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*
hidgloballp4502_firmware*cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*
hidgloballp4502-cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*
hidglobalep4502_firmware*cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*
hidglobalep4502-cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hidglobal	lp1501_firmware	*	cpe:2.3:o:hidglobal:lp1501_firmware::::::::
hidglobal	lp1501	-	cpe:2.3:h:hidglobal:lp1501:-:::::::*
hidglobal	lp1502_firmware	*	cpe:2.3:o:hidglobal:lp1502_firmware::::::::
hidglobal	lp1502	-	cpe:2.3:h:hidglobal:lp1502:-:::::::*
hidglobal	lp2500_firmware	*	cpe:2.3:o:hidglobal:lp2500_firmware::::::::
hidglobal	lp2500	-	cpe:2.3:h:hidglobal:lp2500:-:::::::*
hidglobal	lp4502_firmware	*	cpe:2.3:o:hidglobal:lp4502_firmware::::::::
hidglobal	lp4502	-	cpe:2.3:h:hidglobal:lp4502:-:::::::*
hidglobal	ep4502_firmware	*	cpe:2.3:o:hidglobal:ep4502_firmware::::::::
hidglobal	ep4502	-	cpe:2.3:h:hidglobal:ep4502:-:::::::*