CVE-2022-31483

Arbitrary file write via authenticated OSDP file upload

Description

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges.

Remediation

Solution:

  • Update to the latest version of firmware

Workaround:

  • Disable the controller's Web Server. When the controller is configured to disable web access, you cannot remotely login into the controller’s web page. 1. Login to controller web pages 2. Go to “Users” Tab 3. Near bottom of the Users page, check option to “Disable Web Server” 4. Then select “Submit” at the bottom of the page 5. Then select “Apply Settings” tab 6. And on that page, select button “Apply Settings, Reboot” The Controller will apply the new setting and reboot. Web login will be disabled until switch 1 is physically turned ON, on the controller.

Category

9.1
CVSS
Severity: Critical
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.39%
Vendor Advisory carrier.com
Affected: LenelS2 LNL-X2210
Affected: LenelS2 LNL-X2220
Affected: LenelS2 LNL-X3300
Affected: LenelS2 LNL-X4420
Affected: LenelS2 LNL-4420
Affected: LenelS2 S2-LP-1501
Affected: LenelS2 S2-LP-1502
Affected: LenelS2 S2-LP-2500
Affected: LenelS2 S2-LP-4502
Affected: HID Mercury LP1501
Affected: HID Mercury LP1502
Affected: HID Mercury LP2500
Affected: HID Mercury LP4502
Affected: HID Mercury EP4502
Published at:
Updated at:

References

Link Tags
https://www.corporate.carrier.com/product-security/advisories-resources/ vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-31483?
CVE-2022-31483 has been scored as a critical severity vulnerability.
How to fix CVE-2022-31483?
To fix CVE-2022-31483: Update to the latest version of firmware
Is CVE-2022-31483 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-31483 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-31483?
CVE-2022-31483 affects LenelS2 LNL-X2210, LenelS2 LNL-X2220, LenelS2 LNL-X3300, LenelS2 LNL-X4420, LenelS2 LNL-4420, LenelS2 S2-LP-1501, LenelS2 S2-LP-1502, LenelS2 S2-LP-2500, LenelS2 S2-LP-4502, HID Mercury LP1501, HID Mercury LP1502, HID Mercury LP2500, HID Mercury LP4502, HID Mercury EP4502.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.