What is CVE-2022-36642?

CVE-2022-36642 is a vulnerability in N/a. Published 2022-09-02.

Is CVE-2022-36642 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2022-36642

A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high pr…

EPSS: 0.707 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

drive.google.com/drive/folders/1jm9h8JNmezTt7AbHYRY7gPC4lXGDNklL (x_refsource_MISC)
www.telosalliance.com/radio-processing/audio-interfaces/omnia-mpx-node (x_refsource_MISC)
cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfd (x_refsource_MISC)
www.exploit-db.com/exploits/50996 (x_refsource_MISC)
cyber-guy.gitbook.io/cyber-guys-blog/blogs/bypassing-mpx-node-authentication-fi… (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-36642?: CVE-2022-36642 is a vulnerability in N/a. Published 2022-09-02.
Is CVE-2022-36642 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.