cvebase

HID Mercury EP4502 vulnerabilities

8 known vulnerabilities affecting hid_mercury/ep4502.

Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 5, MEDIUM 1

Vulnerabilities

CVE-2022-31479 | P2 | CRITICAL | CVSS 9.8 | ≥ ALL, < 1.296 | 2022-06-06
CWE-693: An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP
Source: NVD

CVE-2022-31481 | P2 | CRITICAL | CVSS 10.0 | ≥ ALL, < 1.296 | 2022-06-06
CWE-120: An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data
Source: NVD

CVE-2022-31483 | P3 | HIGH | CVSS 8.8 | ≥ ALL, < 1.271 | 2022-06-06
CWE-22: An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicio
Source: NVD

CVE-2022-31486 | P2 | HIGH | CVSS 8.8 | ≥ ALL, < 1.297 | 2022-06-06
CWE-78: An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attac
Source: NVD

CVE-2022-31484 | P3 | HIGH | CVSS 7.5 | ≥ ALL, < 1.29 | 2022-06-06
CWE-425: An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker
Source: NVD

CVE-2022-31482 | P3 | HIGH | CVSS 7.5 | ≥ ALL, < 1.29 | 2022-06-06
CWE-120: An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ult
Source: NVD

CVE-2022-31480 | P3 | HIGH | CVSS 7.5 | ≥ ALL, < 1.296 | 2022-06-06
CWE-425: An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series.
Source: NVD

CVE-2022-31485 | P4 | MEDIUM | CVSS 5.3 | ≥ ALL, < 1.29 | 2022-06-06
CWE-425: An unauthenticated attacker can send specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29.
Source: NVD