cvedb.io
CVE-2022-31480
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2022-06-06T17:15:11.030 · Last modified 2026-06-17T04:45:31.597

Summary

An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot.

Affected products

hidglobal — lp1501_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when hidglobal ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.