Skip to main content

Lp1501 Firmware

8 CVEs product

Monthly

CVE-2022-31486 HIGH This Week

An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-31485 MEDIUM This Month

An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-31484 HIGH This Week

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31483 HIGH This Week

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2022-31482 HIGH This Week

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-31481 CRITICAL Act Now

An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware +11
NVD
CVSS 3.1
10.0
EPSS
1.5%
CVE-2022-31480 HIGH This Week

An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-31479 CRITICAL Act Now

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Lp1501 Firmware Lp1502 Firmware Lp2500 Firmware Lp4502 Firmware +10
NVD
CVSS 3.1
9.8
EPSS
2.3%
EPSS 1% CVSS 8.8
HIGH This Week

An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Lp1501 Firmware Lp1502 Firmware +12
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lp1501 Firmware Lp1502 Firmware +12
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lp1501 Firmware Lp1502 Firmware +12
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Lp1501 Firmware Lp1502 Firmware +12
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Lp1501 Firmware Lp1502 Firmware +12
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Lp1501 Firmware +13
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lp1501 Firmware Lp1502 Firmware +12
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Lp1501 Firmware Lp1502 Firmware +12
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy