PT-2022-2833 · HID · HID Mercury Intelligent Controllers

Published: 2022-05-23 · Updated: 2022-06-17 · CVE-2022-31482

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 versions prior to 1.29

Description

The issue is related to a buffer overflow caused by an unauthenticated HTTP request. This can lead to a segmentation fault and a denial-of-service condition, causing the device to reboot. An attacker could leverage this flaw to make the target device unresponsive, and by automating the attack, achieve a persistent denial-of-service, rendering the target controller useless.

Recommendations

For versions prior to 1.29, update the firmware to version 1.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-03384
CVE-2022-31482

Affected Products

HID Mercury Intelligent Controllers