IM
IronMonkey Threat Research

CVE-2022-31480 HIGH

Published: 2022-06-06 | Last Modified: 2024-11-21 | Status: Modified

Description

An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot.

Additional Descriptions (1)

Un atacante no autenticado podría cargar arbitrariamente archivos de firmware en el dispositivo objetivo, causando en última instancia una denegación de servicio (DoS). Esta vulnerabilidad afecta a los productos basados en los controladores inteligentes HID Mercury LP1501, LP1502, LP2500, LP4502 y EP4502 que contienen versiones de firmware anteriores a 1.302 para la serie LP y 1.296 para la serie EP. El atacante necesita tener un binario debidamente firmado y encriptado, la carga del firmware en el dispositivo finalmente desencadena un reinicio

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactPARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-425
[email protected] Primary
en CWE-425

Affected Products

Vendor Product Version Update Type
hidglobal lp1501_firmware * <built-in method update of dict object at 0x7c3c2910c800> Operating System
hidglobal lp1502_firmware * <built-in method update of dict object at 0x7c3bf3a1c3c0> Operating System
hidglobal lp2500_firmware * <built-in method update of dict object at 0x7c3bf3a1d300> Operating System
hidglobal lp4502_firmware * <built-in method update of dict object at 0x7c3c2910e680> Operating System
hidglobal ep4502_firmware * <built-in method update of dict object at 0x7c3c2910fe80> Operating System
carrier lenels2_lnl-4420_firmware * <built-in method update of dict object at 0x7c3c2910f9c0> Operating System
carrier lenels2_lnl-x2210_firmware * <built-in method update of dict object at 0x7c3c2910e840> Operating System
carrier lenels2_lnl-x2220_firmware * <built-in method update of dict object at 0x7c3c2910c140> Operating System
carrier lenels2_lnl-x3300_firmware * <built-in method update of dict object at 0x7c3bf3b4c500> Operating System
carrier lenels2_lnl-x4420_firmware * <built-in method update of dict object at 0x7c3c2910d3c0> Operating System
carrier lenels2_s2-lp-1501_firmware * <built-in method update of dict object at 0x7c3c48143480> Operating System
carrier lenels2_s2-lp-1502_firmware * <built-in method update of dict object at 0x7c3c2910dbc0> Operating System
carrier lenels2_s2-lp-2500_firmware * <built-in method update of dict object at 0x7c3c2910d8c0> Operating System
carrier lenels2_s2-lp-4502_firmware * <built-in method update of dict object at 0x7c3c2910de40> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*

References

Notification
Message here