cbcvebase.
CVE-2022-31483
published 2022-06-06

CVE-2022-31483: An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the…

PriorityP359high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.63%
73.2th percentile
An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges.

Affected

28 ranges· showing 25
VendorProductVersion rangeFixed in
carrierlenels2_lnl-4420_firmware< 1.2711.271
carrierlenels2_lnl-x2210_firmware< 1.2711.271
carrierlenels2_lnl-x2220_firmware< 1.2711.271
carrierlenels2_lnl-x3300_firmware< 1.2711.271
carrierlenels2_lnl-x4420_firmware< 1.2711.271
carrierlenels2_s2-lp-1501_firmware< 1.2711.271
carrierlenels2_s2-lp-1502_firmware< 1.2711.271
carrierlenels2_s2-lp-2500_firmware< 1.2711.271
carrierlenels2_s2-lp-4502_firmware< 1.2711.271
hid_mercuryep4502>= ALL < 1.2711.271
hid_mercurylp1501>= ALL < 1.2711.271
hid_mercurylp1502>= ALL < 1.2711.271
hid_mercurylp2500>= ALL < 1.2711.271
hid_mercurylp4502>= ALL < 1.2711.271
hidglobalep4502_firmware< 1.2711.271
hidgloballp1501_firmware< 1.2711.271
hidgloballp1502_firmware< 1.2711.271
hidgloballp2500_firmware< 1.2711.271
hidgloballp4502_firmware< 1.2711.271
lenels2lnl-4420>= ALL < 1.2711.271
lenels2lnl-x2210>= ALL < 1.2711.271
lenels2lnl-x2220>= ALL < 1.2711.271
lenels2lnl-x3300>= ALL < 1.2711.271
lenels2lnl-x4420>= ALL < 1.2711.271
lenels2s2-lp-1501>= ALL < 1.2711.271

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.