Lp1501 Firmware Security Vulnerabilities and Issues — Lp1501 Firmware CVE List

Lucene search

HidglobalLp1501 Firmware

8 matches found

CVE•added 2022/06/06 5:15 p.m.•96 views

CVE-2022-31481

An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series...

10CVSS9.7AI score0.0114EPSS

CVE•added 2022/06/06 5:15 p.m.•93 views

CVE-2022-31479

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which c...

10CVSS9.7AI score0.06938EPSS

CVE•added 2022/06/06 5:15 p.m.•85 views

CVE-2022-31484

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of t...

7.5CVSS7.7AI score0.00639EPSS

CVE•added 2022/06/06 5:15 p.m.•85 views

CVE-2022-31486

An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 ...

9CVSS8.6AI score0.00975EPSS

CVE•added 2022/06/06 5:15 p.m.•81 views

CVE-2022-31485

An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to ...

5.3CVSS5.6AI score0.00277EPSS

CVE•added 2022/06/06 5:15 p.m.•65 views

CVE-2022-31480

An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior t...

7.5CVSS7.5AI score0.00523EPSS

CVE•added 2022/06/06 5:15 p.m.•62 views

CVE-2022-31483

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain ...

9.1CVSS8.8AI score0.00662EPSS

CVE•added 2022/06/06 5:15 p.m.•51 views

CVE-2022-31482

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. ...

7.8CVSS7.6AI score0.00632EPSS