Carrier Lenels2_lnl-x2210
8 CVEs affecting Carrier Lenels2_lnl-x2210. Latest disclosed: 2022-06-06. Critical: 3, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-31481 | Critical | 10.0 | 2022-06-06 | An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID… |
CVE-2022-31479 | Critical | 9.6 | 2022-06-06 | An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection… |
CVE-2022-31483 | Critical | 9.1 | 2022-06-06 | An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem… |
CVE-2022-31486 | High | 8.8 | 2022-06-06 | An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts prod… |
CVE-2022-31484 | High | 7.5 | 2022-06-06 | An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on H… |
CVE-2022-31482 | High | 7.5 | 2022-06-06 | An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts prod… |
CVE-2022-31480 | High | 7.5 | 2022-06-06 | An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impa… |
CVE-2022-31485 | Medium | 5.3 | 2022-06-06 | An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impact… |