CVE-2022-31482

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*

Information

Published : 2022-06-06 10:15

Updated : 2022-06-17 07:49


NVD link : CVE-2022-31482

Mitre link : CVE-2022-31482


JSON object : View

CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Advertisement

dedicated server usa

Products Affected

hidglobal

  • lp1502
  • lp2500_firmware
  • lp2500
  • lp1501_firmware
  • ep4502
  • lp1502_firmware
  • lp1501
  • lp4502
  • ep4502_firmware
  • lp4502_firmware

carrier

  • lenels2_s2-lp-1501
  • lenels2_lnl-4420
  • lenels2_lnl-x2220_firmware
  • lenels2_s2-lp-4502
  • lenels2_lnl-x3300_firmware
  • lenels2_lnl-x2220
  • lenels2_s2-lp-4502_firmware
  • lenels2_s2-lp-1501_firmware
  • lenels2_lnl-x2210
  • lenels2_lnl-4420_firmware
  • lenels2_s2-lp-2500_firmware
  • lenels2_lnl-x2210_firmware
  • lenels2_s2-lp-1502
  • lenels2_lnl-x3300
  • lenels2_lnl-x4420_firmware
  • lenels2_lnl-x4420
  • lenels2_s2-lp-1502_firmware
  • lenels2_s2-lp-2500