20 matches found
EUVD-2022-52941
Malicious code in bioql PyPI...
EUVD-2022-52946
Malicious code in bioql PyPI...
CVE-2022-31481
An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP seri...
CVE-2022-31486
An authenticated attacker can send a specially crafted route to the “editroute.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303...
CVE-2022-31480
An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service DoS. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...
CVE-2022-31484
An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of...
CVE-2022-31485
An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...
CVE-2022-31479
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which...
CVE-2022-31479
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which...
Buffer overflow
An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29...
Design/Logic Flaw
An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...
CVE-2022-31486 Command injection via Advanced Networking route add functionality
An authenticated attacker can send a specially crafted route to the “editroute.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303...
CVE-2022-31486
CVE-2022-31486 is an authenticated command-injection vulnerability in HID Mercury LNL-4420 panels (LenelS2) where an input in the hostname field of network.cgi can be used to execute shell commands after a valid session. The issue enables command execution on the device and, depending on the firm...
CVE-2022-31485
CVE-2022-31485 is listed in the provided Trellix disclosures as an unauthenticated information spoofing vulnerability affecting Mercury LNL-4420 panels (firmware up to 1.291). The Connected documents do not provide concrete exploit steps, payloads, affected subcomponents, root cause details, or r...
CVE-2022-31485 Unauthenticated homepage note modification
An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...
CVE-2022-31484 User Account Deletion Unauthenticated
An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of...
CVE-2022-31484
CVE-2022-31484 corresponds to an unauthenticated vulnerability in HID Mercury-based panels (notably the LenelS2 LNL-4420 family) that allows an attacker to perform unauthenticated user modification. The Trellix disclosures consolidate this under the broader set of HID Mercury issues and note it a...
CVE-2022-31481
CVE-2022-31481 is an unauthenticated firmware upload vulnerability in HID Mercury/LNL-4420 panels (Mercury LP/EP series context in vendor disclosures) that enables remote arbitrary code execution via a buffer overflow during firmware image processing. Specifically, the firmware update flow in a C...
CVE-2022-31479
CVE-2022-31479 is an unauthenticated command-injection vulnerability in HID Mercury LNL-4420/EP family web interfaces. Researchers describe that the hostname field in the Network settings is parsed server-side and passed to a system() call during startup (DHCP/udhcpc flow), allowing an attacker-c...
CVE-2022-31485
An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...