CVE-2022-36642 : TELOS ALLIANCE OMNIA MPX NODE UP TO 1.5.0+R1 /APPCONFIG/USERDB.JSON ACCESS CONTROL

Description

A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability.

References

https://cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfd

https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/bypassing-mpx-node-authentication-firmware-analysis

https://drive.google.com/drive/folders/1jm9h8JNmezTt7AbHYRY7gPC4lXGDNklL

https://www.exploit-db.com/exploits/50996

https://www.telosalliance.com/radio-processing/audio-interfaces/omnia-mpx-node

For More Information

MITRE

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-42302 : VERITAS NETBACKUP UP TO 10.0 NBFSMCLIENT SERVICE SQL INJECTION

CVE-2022-42302 : VERITAS NETBACKUP UP TO 10.0 NBFSMCLIENT SERVICE SQL INJECTION

Description An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable

CVE-2022-39266 : ISOLATED-VM UP TO 4.3.6 API PROTECTION MECHANISM

CVE-2022-39266 : ISOLATED-VM UP TO 4.3.6 API PROTECTION MECHANISM

Description isolated-vm is a library for nodejs which gives the user access to v8’s Isolate interface. In versions 4.3.6 and

CVE-2022-34424 : DELL OS10 10.5.1.X/10.5.2.X/10.5.3.X OUT-OF-BOUNDS WRITE

CVE-2022-34424 : DELL OS10 10.5.1.X/10.5.2.X/10.5.3.X OUT-OF-BOUNDS WRITE

Description Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a vulnerability that could allow an attacker to cause a system