How severe is CVE-2022-31484?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-31484?

This is classified as CWE-425, which is a common weakness in software security.

CVE-2022-31484 - HIGH Severity | CVSS 7.5

Vulnerability Description

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back.

Related Vulnerabilities

CVE-2017-14993

HIGH

CVSS:7.5(High)

OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.1...

CWE-4252017

CVE-2017-15235

HIGH

CVSS:7.5(High)

The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact fil...

CWE-4252017

CVE-2018-16060

HIGH

CVSS:7.5(High)

Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.

CWE-4252018

CVE-2018-16706

HIGH

CVSS:7.5(High)

LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080.

CWE-4252018

CVE-2018-7526

HIGH

CVSS:7.5(High)

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able ...

CWE-4252018

CVE-2019-17643

HIGH

CVSS:7.5(High)

An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXML...

CWE-4252019