CVE-2022-31483

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*

History

17 Jun 2022, 14:50

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 9.0
v3 : 8.8
CWE CWE-22
CPE cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*
First Time Hidglobal lp2500 Firmware
Carrier lenels2 S2-lp-1502
Hidglobal ep4502 Firmware
Hidglobal lp1502 Firmware
Carrier lenels2 S2-lp-2500 Firmware
Carrier lenels2 S2-lp-4502 Firmware
Hidglobal lp4502
Hidglobal lp4502 Firmware
Carrier lenels2 Lnl-x2210
Carrier lenels2 Lnl-x4420 Firmware
Hidglobal ep4502
Carrier lenels2 Lnl-4420 Firmware
Hidglobal
Carrier lenels2 Lnl-4420
Carrier lenels2 S2-lp-1501 Firmware
Carrier
Hidglobal lp1501 Firmware
Carrier lenels2 Lnl-x2220 Firmware
Carrier lenels2 Lnl-x3300 Firmware
Hidglobal lp2500
Hidglobal lp1502
Carrier lenels2 Lnl-x2210 Firmware
Carrier lenels2 S2-lp-2500
Carrier lenels2 Lnl-x2220
Carrier lenels2 S2-lp-1502 Firmware
Hidglobal lp1501
Carrier lenels2 S2-lp-4502
Carrier lenels2 Lnl-x3300
Carrier lenels2 S2-lp-1501
Carrier lenels2 Lnl-x4420
References (MISC) https://www.corporate.carrier.com/product-security/advisories-resources/ - (MISC) https://www.corporate.carrier.com/product-security/advisories-resources/ - Vendor Advisory

06 Jun 2022, 17:39

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-06 17:15

Updated : 2023-12-10 14:22


NVD link : CVE-2022-31483

Mitre link : CVE-2022-31483

CVE.ORG link : CVE-2022-31483


JSON object : View

Products Affected

carrier

  • lenels2_lnl-x4420
  • lenels2_s2-lp-1501_firmware
  • lenels2_lnl-x2210_firmware
  • lenels2_lnl-x3300_firmware
  • lenels2_s2-lp-1502
  • lenels2_lnl-x2210
  • lenels2_lnl-x4420_firmware
  • lenels2_lnl-4420_firmware
  • lenels2_s2-lp-4502_firmware
  • lenels2_s2-lp-1502_firmware
  • lenels2_s2-lp-4502
  • lenels2_lnl-4420
  • lenels2_lnl-x2220_firmware
  • lenels2_s2-lp-1501
  • lenels2_lnl-x2220
  • lenels2_lnl-x3300
  • lenels2_s2-lp-2500
  • lenels2_s2-lp-2500_firmware

hidglobal

  • lp2500
  • lp2500_firmware
  • ep4502
  • lp1501
  • lp1502_firmware
  • lp4502_firmware
  • lp1502
  • lp4502
  • ep4502_firmware
  • lp1501_firmware
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')