CVE-2022-31479

Remote Code Execution via command injection of the hostname

Description

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem.
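The defensive counterpart to this bug class is to allow-list the hostname at the point it is accepted, before it is stored or used in any command. The check below is an added example, not code from the vendor or from the original page. The function name `hostname_is_safe` and the sample inputs are hypothetical, and it assumes RFC 1123 hostname syntax is the intended policy; the page does not describe how the fixed firmware validates the value.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 if name is a syntactically valid
 * RFC 1123 hostname, else 0. Allow-list only: labels of [A-Za-z0-9-]
 * separated by single dots, so spaces, quotes, ';', '$', '`', '|',
 * newlines and every other shell-significant byte are rejected. */
int hostname_is_safe(const char *name)
{
    size_t len, label_len = 0;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > 253)               /* total length limit */
        return 0;

    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];

        if (c == '.') {
            /* no empty label, no label ending in '-' */
            if (label_len == 0 || name[i - 1] == '-')
                return 0;
            label_len = 0;
            continue;
        }
        if (c >= 128 || !(isalnum(c) || c == '-'))
            return 0;                        /* outside the allow-list */
        if (c == '-' && label_len == 0)
            return 0;                        /* label starts with '-' */
        if (++label_len > 63)
            return 0;                        /* label too long */
    }
    /* reject trailing dot and trailing hyphen */
    return label_len > 0 && name[len - 1] != '-';
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real device. */
    const char *samples[] = { "door-ctrl-01", "lp1502.lab.example",
                              "ctrl;reboot", "ctrl name", "-ctrl", "a..b" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s %s\n", samples[i],
               hostname_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Validation of this kind complements, and does not replace, the firmware update: any code path that passes the hostname to a shell should also be changed to pass it as a discrete argument.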

Remediation

Solution:

  • Update to the latest version of firmware

Workaround:

  • Disable the controller's Web Server. When the controller is configured to disable web access, you cannot remotely log in to the controller’s web page.
      1. Log in to the controller web pages.
      2. Go to the “Users” tab.
      3. Near the bottom of the Users page, check the option to “Disable Web Server”.
      4. Select “Submit” at the bottom of the page.
      5. Select the “Apply Settings” tab.
      6. On that page, select the button “Apply Settings, Reboot”.
    The controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON on the controller.

CVSS: 9.6 (Severity: Critical)
EPSS: 2.31% (Top 20%)
Vendor Advisory: carrier.com
Affected: LenelS2 LNL-X2210
Affected: LenelS2 LNL-X2220
Affected: LenelS2 LNL-X3300
Affected: LenelS2 LNL-X4420
Affected: LenelS2 LNL-4420
Affected: LenelS2 S2-LP-1501
Affected: LenelS2 S2-LP-1502
Affected: LenelS2 S2-LP-2500
Affected: LenelS2 S2-LP-4502
Affected: HID Mercury LP1501
Affected: HID Mercury LP1502
Affected: HID Mercury LP2500
Affected: HID Mercury LP4502
Affected: HID Mercury EP4502

Frequently Asked Questions

What is the severity of CVE-2022-31479?
CVE-2022-31479 has been scored as a critical severity vulnerability.
How to fix CVE-2022-31479?
To fix CVE-2022-31479: Update to the latest version of firmware
Is CVE-2022-31479 being actively exploited in the wild?
It is possible that CVE-2022-31479 is being exploited or will be exploited in the near future, based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-31479?
CVE-2022-31479 affects LenelS2 LNL-X2210, LenelS2 LNL-X2220, LenelS2 LNL-X3300, LenelS2 LNL-X4420, LenelS2 LNL-4420, LenelS2 S2-LP-1501, LenelS2 S2-LP-1502, LenelS2 S2-LP-2500, LenelS2 S2-LP-4502, HID Mercury LP1501, HID Mercury LP1502, HID Mercury LP2500, HID Mercury LP4502, HID Mercury EP4502.