CVE-2022-31486

06.06.2022, 17:15

An authenticated attacker can send a specially crafted route to the edit_route.cgi binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable.

OS Command Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Carrier	CNA	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 72%

Vendor	Product	Version
hidglobal	lp1501_firmware	𝑥 < 1.303
hidglobal	lp1502_firmware	𝑥 < 1.303
hidglobal	lp2500_firmware	𝑥 < 1.303
hidglobal	lp4502_firmware	𝑥 < 1.303
hidglobal	ep4502_firmware	𝑥 < 1.297
carrier	lenels2_lnl-4420_firmware	𝑥 < 1.297
carrier	lenels2_lnl-x2210_firmware	𝑥 < 1.303
carrier	lenels2_lnl-x2220_firmware	𝑥 < 1.303
carrier	lenels2_lnl-x3300_firmware	𝑥 < 1.303
carrier	lenels2_lnl-x4420_firmware	𝑥 < 1.303
carrier	lenels2_s2-lp-1501_firmware	𝑥 < 1.303
carrier	lenels2_s2-lp-1502_firmware	𝑥 < 1.303
carrier	lenels2_s2-lp-2500_firmware	𝑥 < 1.303
carrier	lenels2_s2-lp-4502_firmware	𝑥 < 1.303

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

https://www.corporate.carrier.com/product-security/advisories-resources/