IM
IronMonkey Threat Research

CVE-2022-31482 HIGH

Published: 2022-06-06 | Last Modified: 2024-11-21 | Status: Modified

Description

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless.

Additional Descriptions (1)

Un atacante no autenticado puede enviar una petición HTTP no autenticada especialmente diseñada al dispositivo que puede desbordar un búfer. Esta vulnerabilidad afecta a los productos basados en los controladores inteligentes HID Mercury LP1501, LP1502, LP2500, LP4502 y EP4502 que contienen versiones de firmware anteriores a la 1.29. El desbordamiento de datos conlleva un fallo de segmentación y, en última instancia, una condición de denegación de servicio, causando el reinicio del dispositivo. El impacto de esta vulnerabilidad es que un atacante no autenticado podría aprovechar este fallo para causar que el dispositivo de destino deje de responder. Un atacante podría automatizar este ataque para lograr un DoS persistente, inutilizando efectivamente el controlador de destino

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 7.8 (HIGH)

AV:N/AC:L/Au:N/C:N/I:N/A:C

Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactCOMPLETE

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.9

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-120
[email protected] Primary
en CWE-120

Affected Products

Vendor Product Version Update Type
hidglobal lp1501_firmware * <built-in method update of dict object at 0x7c3bf291d580> Operating System
hidglobal lp1502_firmware * <built-in method update of dict object at 0x7c3c327e34c0> Operating System
hidglobal lp2500_firmware * <built-in method update of dict object at 0x7c3c28b153c0> Operating System
hidglobal lp4502_firmware * <built-in method update of dict object at 0x7c3bf291c800> Operating System
hidglobal ep4502_firmware * <built-in method update of dict object at 0x7c3bf291c300> Operating System
carrier lenels2_lnl-4420_firmware * <built-in method update of dict object at 0x7c3c477ead80> Operating System
carrier lenels2_lnl-x2210_firmware * <built-in method update of dict object at 0x7c3c29bdfc80> Operating System
carrier lenels2_lnl-x2220_firmware * <built-in method update of dict object at 0x7c3c29bdfac0> Operating System
carrier lenels2_lnl-x3300_firmware * <built-in method update of dict object at 0x7c3c327e1f40> Operating System
carrier lenels2_lnl-x4420_firmware * <built-in method update of dict object at 0x7c3bf291e4c0> Operating System
carrier lenels2_s2-lp-1501_firmware * <built-in method update of dict object at 0x7c3c477e8e80> Operating System
carrier lenels2_s2-lp-1502_firmware * <built-in method update of dict object at 0x7c3c2b037840> Operating System
carrier lenels2_s2-lp-2500_firmware * <built-in method update of dict object at 0x7c3c48142840> Operating System
carrier lenels2_s2-lp-4502_firmware * <built-in method update of dict object at 0x7c3c477e9840> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*

References

Notification
Message here