Hidglobal Lp2500 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Hidglobal Lp2500 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2022-31481 — CVSS 10.0 (critical): An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts…
CVE-2022-31479 — CVSS 9.6 (critical): An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during…
CVE-2022-31483 — CVSS 9.1 (critical): An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired…
CVE-2022-31486 — CVSS 8.8 (high): An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This…
CVE-2022-31482 — CVSS 7.5 (high): An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This…
CVE-2022-31480 — CVSS 7.5 (high): An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS)…
CVE-2022-31484 — CVSS 7.5 (high): An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts…
CVE-2022-31485 — CVSS 5.3 (medium): An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface…