Vulnerabilities > Carrier > Lenels2 S2 LP 1501 Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-06 | CVE-2022-31480 | Forced Browsing vulnerability in multiple products An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). | 7.5 |
| 2022-06-06 | CVE-2022-31482 | Classic Buffer Overflow vulnerability in multiple products An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. | 7.5 |
| 2022-06-06 | CVE-2022-31483 | Path Traversal vulnerability in multiple products An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. | 8.8 |
| 2022-06-06 | CVE-2022-31484 | Forced Browsing vulnerability in multiple products An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. | 7.5 |
| 2022-06-06 | CVE-2022-31486 | OS Command Injection vulnerability in multiple products An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. | 8.8 |