CVE-2022-31486 : An authenticated attacker can send a specially crafted route to the “edit

An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable.

Published 2022-06-06 17:15:12

Updated 2022-06-17 14:56:25

Source Carrier Global Corporation

View at NVD, CVE.org

Products affected by CVE-2022-31486

Hidglobal » Lp1501 Firmware
Versions before (<) 1.303
cpe:2.3:o:hidglobal:lp1501_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Hidglobal » Lp1501 » Version: N/A
Hidglobal » Lp1502 Firmware
Versions before (<) 1.303
cpe:2.3:o:hidglobal:lp1502_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Hidglobal » Lp1502 » Version: N/A
Hidglobal » Lp2500 Firmware
Versions before (<) 1.303
cpe:2.3:o:hidglobal:lp2500_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Hidglobal » Lp2500 » Version: N/A
Hidglobal » Lp4502 Firmware
Versions before (<) 1.303
cpe:2.3:o:hidglobal:lp4502_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Hidglobal » Lp4502 » Version: N/A
Hidglobal » Ep4502 Firmware
Versions before (<) 1.297
cpe:2.3:o:hidglobal:ep4502_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Hidglobal » Ep4502 » Version: N/A
Carrier » Lenels2 Lnl-4420 Firmware
Versions before (<) 1.297
cpe:2.3:o:carrier:lenels2_lnl-4420_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Carrier » Lenels2 Lnl-4420 » Version: N/A
Carrier » Lenels2 Lnl-x2210 Firmware
Versions before (<) 1.303
cpe:2.3:o:carrier:lenels2_lnl-x2210_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Carrier » Lenels2 Lnl-x2210 » Version: N/A
Carrier » Lenels2 Lnl-x2220 Firmware
Versions before (<) 1.303
cpe:2.3:o:carrier:lenels2_lnl-x2220_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Carrier » Lenels2 Lnl-x2220 » Version: N/A
Carrier » Lenels2 Lnl-x3300 Firmware
Versions before (<) 1.303
cpe:2.3:o:carrier:lenels2_lnl-x3300_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Carrier » Lenels2 Lnl-x3300 » Version: N/A
Carrier » Lenels2 Lnl-x4420 Firmware
Versions before (<) 1.303
cpe:2.3:o:carrier:lenels2_lnl-x4420_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Carrier » Lenels2 Lnl-x4420 » Version: N/A
Carrier » Lenels2 S2-lp-1501 Firmware
Versions before (<) 1.303
cpe:2.3:o:carrier:lenels2_s2-lp-1501_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Carrier » Lenels2 S2-lp-1501 » Version: N/A
Carrier » Lenels2 S2-lp-1502 Firmware
Versions before (<) 1.303
cpe:2.3:o:carrier:lenels2_s2-lp-1502_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Carrier » Lenels2 S2-lp-1502 » Version: N/A
Carrier » Lenels2 S2-lp-2500 Firmware
Versions before (<) 1.303
cpe:2.3:o:carrier:lenels2_s2-lp-2500_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Carrier » Lenels2 S2-lp-2500 » Version: N/A
Carrier » Lenels2 S2-lp-4502 Firmware
Versions before (<) 1.303
cpe:2.3:o:carrier:lenels2_s2-lp-4502_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Carrier » Lenels2 S2-lp-4502 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-31486

EPSS FAQ

0.77%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 71 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-31486

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	Carrier Global Corporation
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-31486

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Assigned by:
- nvd@nist.gov (Primary)
- productsecurity@carrier.com (Secondary)

References for CVE-2022-31486

https://www.corporate.carrier.com/product-security/advisories-resources/

Advisories & Resources | Product Security | Carrier Corporate
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-31486

Products affected by CVE-2022-31486

Exploit prediction scoring system (EPSS) score for CVE-2022-31486

CVSS scores for CVE-2022-31486

CWE ids for CVE-2022-31486

References for CVE-2022-31486