Design/Logic Flaw

2022-06-0617:15:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.8%

JSON

An authenticated attacker can upload a file with a filename including “…” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges.

CPENameOperatorVersion
lenels2_lnl-4420_firmwarelt1.271
lenels2_lnl-x2210_firmwarelt1.271
lenels2_lnl-x2220_firmwarelt1.271
lenels2_lnl-x3300_firmwarelt1.271
lenels2_lnl-x4420_firmwarelt1.271
lenels2_s2-lp-1501_firmwarelt1.271
lenels2_s2-lp-1502_firmwarelt1.271
lenels2_s2-lp-2500_firmwarelt1.271
lenels2_s2-lp-4502_firmwarelt1.271
ep4502_firmwarelt1.271

Name	Operator	Version
lenels2_lnl-4420_firmware	lt	1.271
lenels2_lnl-x2210_firmware	lt	1.271
lenels2_lnl-x2220_firmware	lt	1.271
lenels2_lnl-x3300_firmware	lt	1.271
lenels2_lnl-x4420_firmware	lt	1.271
lenels2_s2-lp-1501_firmware	lt	1.271
lenels2_s2-lp-1502_firmware	lt	1.271
lenels2_s2-lp-2500_firmware	lt	1.271
lenels2_s2-lp-4502_firmware	lt	1.271
ep4502_firmware	lt	1.271