CVE-2022-31486

An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable.
Configurations

Configuration 1

AND
cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*

History

17 Jun 2022, 14:56

Type Values Removed Values Added
CPE cpe:2.3:h:carrier:lenels2_s2-lp-4502:-:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1502:-:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-4420:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:ep4502:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp4502:-:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2220:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1501:-:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp2500:-:*:*:*:*:*:*:*
cpe:2.3:h:hidglobal:lp1501:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-1502:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x2210:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x4420:-:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_lnl-x3300:-:*:*:*:*:*:*:*
cpe:2.3:h:carrier:lenels2_s2-lp-2500:-:*:*:*:*:*:*:*
cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*
CVSS Removed: v2 : unknown, v3 : unknown; Added: v2 : 9.0, v3 : 8.8
References Removed: (MISC) https://www.corporate.carrier.com/product-security/advisories-resources/ - ; Added: (MISC) https://www.corporate.carrier.com/product-security/advisories-resources/ - Vendor Advisory
CWE CWE-78
First Time Hidglobal lp2500 Firmware
Carrier lenels2 S2-lp-1502
Hidglobal ep4502 Firmware
Hidglobal lp1502 Firmware
Carrier lenels2 S2-lp-2500 Firmware
Carrier lenels2 S2-lp-4502 Firmware
Hidglobal lp4502
Hidglobal lp4502 Firmware
Carrier lenels2 Lnl-x2210
Carrier lenels2 Lnl-x4420 Firmware
Hidglobal ep4502
Carrier lenels2 Lnl-4420 Firmware
Hidglobal
Carrier lenels2 Lnl-4420
Carrier lenels2 S2-lp-1501 Firmware
Carrier
Hidglobal lp1501 Firmware
Carrier lenels2 Lnl-x2220 Firmware
Carrier lenels2 Lnl-x3300 Firmware
Hidglobal lp2500
Hidglobal lp1502
Carrier lenels2 Lnl-x2210 Firmware
Carrier lenels2 S2-lp-2500
Carrier lenels2 Lnl-x2220
Carrier lenels2 S2-lp-1502 Firmware
Hidglobal lp1501
Carrier lenels2 S2-lp-4502
Carrier lenels2 Lnl-x3300
Carrier lenels2 S2-lp-1501
Carrier lenels2 Lnl-x4420

06 Jun 2022, 17:39

Type Values Removed Values Added
New CVE

Information

Published : 2022-06-06 17:15

Updated : 2023-12-10 14:22


NVD link : CVE-2022-31486

Mitre link : CVE-2022-31486

CVE.ORG link : CVE-2022-31486



Products Affected

carrier

  • lenels2_lnl-x3300
  • lenels2_lnl-x2220_firmware
  • lenels2_s2-lp-4502
  • lenels2_lnl-4420
  • lenels2_s2-lp-1501
  • lenels2_s2-lp-2500_firmware
  • lenels2_lnl-x3300_firmware
  • lenels2_s2-lp-1502_firmware
  • lenels2_lnl-x2210
  • lenels2_s2-lp-2500
  • lenels2_s2-lp-4502_firmware
  • lenels2_lnl-x2210_firmware
  • lenels2_s2-lp-1501_firmware
  • lenels2_lnl-4420_firmware
  • lenels2_lnl-x4420_firmware
  • lenels2_lnl-x4420
  • lenels2_lnl-x2220
  • lenels2_s2-lp-1502

hidglobal

  • lp1501_firmware
  • lp1502
  • lp2500_firmware
  • lp4502_firmware
  • ep4502
  • ep4502_firmware
  • lp4502
  • lp1501
  • lp1502_firmware
  • lp2500

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')