VYPR
Vendor

Lenels2

Products
2
CVEs
11
Across products
11
Status
Private

Products

2

Recent CVEs

11
  • CVE-2022-31481CriJun 6, 2022
    risk 0.65cvss 10.0epss 0.01

    An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to…

  • CVE-2022-31479CriJun 6, 2022
    risk 0.63cvss 9.6epss 0.02

    An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500,…

  • CVE-2022-31483CriJun 6, 2022
    risk 0.59cvss 9.1epss 0.02

    An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500,…

  • CVE-2022-31486HigJun 6, 2022
    risk 0.57cvss 8.8epss 0.01

    An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware…

  • CVE-2022-31484HigJun 6, 2022
    risk 0.49cvss 7.5epss 0.01

    An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to…

  • CVE-2022-31482HigJun 6, 2022
    risk 0.49cvss 7.5epss 0.01

    An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware…

  • CVE-2022-31480HigJun 6, 2022
    risk 0.49cvss 7.5epss 0.01

    An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain…

  • CVE-2022-31485MedJun 6, 2022
    risk 0.35cvss 5.3epss 0.01

    An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain…

  • CVE-2024-2422May 30, 2024
    risk 0.00cvss epss 0.01

    LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands.

  • CVE-2024-2421May 30, 2024
    risk 0.00cvss epss 0.01

    LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions.

  • CVE-2024-2420May 30, 2024
    risk 0.00cvss epss 0.01

    LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1 which allows an attacker to bypass authentication requirements.