2 matches found
CVE-2022-31479
CVE-2022-31479 is an unauthenticated command-injection vulnerability in HID Mercury LNL-4420/EP family web interfaces. Researchers describe that the hostname field in the Network settings is parsed server-side and passed to a system() call during startup (DHCP/udhcpc flow), allowing an attacker-c...
CVE-2022-31479 Remote Code Execution via command injection of the hostname
An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which...