CVE-2022-36642 : TELOS ALLIANCE OMNIA MPX NODE UP TO 1.5.0+R1 /APPCONFIG/USERDB.JSON ACCESS CONTROL

Description

A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability.

References

https://cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfd

https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/bypassing-mpx-node-authentication-firmware-analysis

https://drive.google.com/drive/folders/1jm9h8JNmezTt7AbHYRY7gPC4lXGDNklL

https://www.exploit-db.com/exploits/50996

https://www.telosalliance.com/radio-processing/audio-interfaces/omnia-mpx-node

For More Information

MITRE

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2022-47767 : SOLAR-LOG GATEWAY UP TO 4.2.7/5.1.1 SLCORE BACKDOOR

CVE-2022-47767 : SOLAR-LOG GATEWAY UP TO 4.2.7/5.1.1 SLCORE BACKDOOR

Description A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker.

CVE-2022-45808 : LEARNPRESS PLUGIN UP TO 4.1.7.3.2 ON WORDPRESS SQL INJECTION

CVE-2022-45808 : LEARNPRESS PLUGIN UP TO 4.1.7.3.2 ON WORDPRESS SQL INJECTION

Description SQL Injection vulnerability in LearnPress – WordPress LMS Plugin

CVE-2023-21795 : MICROSOFT EDGE REMOTE CODE EXECUTION

CVE-2023-21795 : MICROSOFT EDGE REMOTE CODE EXECUTION

Description Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796. References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21795 For More Information