CVE-2022-36642 Scanner
Detects 'Path Traversal' vulnerability in Telos Alliance Omnia MPX Node affects v. through 1.0.0-1.4.9.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
4 weeks
Scan only one
URL
Toolbox
-
Telos Alliance Omnia MPX Node is an audio processing and distribution system that features a comprehensive web interface for remote administration and monitoring. It is designed to provide radio broadcasters with a high-quality, reliable signal processing and transmission solution. The system enables broadcasters to manage their audio signals with ease and efficiency, with features like automatic gain control, multiband limiting, and stereo enhancement.
The CVE-2022-36642 vulnerability discovered in Telos Alliance Omnia MPX Node can lead to a local file disclosure (LFD) attack that gives cybercriminals unauthorized access to user credentials. This vulnerability is located in /appConfig/userDB.json, which stores sensitive user data in plaintext format. Attackers who exploit this vulnerability can easily retrieve this data and gain high-privileged access to the control panel with minimal effort.
When exploited, this vulnerability can lead to catastrophic security breaches that compromise critical business operations, costing a company millions of dollars. Attackers can use the compromised usernames and passwords to gain unauthorized access to the control panel, enabling them to execute arbitrary code, modify critical system configurations, and exfiltrate sensitive data.
Thanks to the advanced features provided by s4e.io, users of the Telos Alliance Omnia MPX Node and other digital assets can easily and quickly learn about vulnerabilities in their systems. s4e.io offers comprehensive security assessments, vulnerability scanning, and penetration testing to help users identify and mitigate potential cyber threats. With their expert guidance and proactive security measures, users can keep their digital assets secure and protected from the latest cyber threats.
REFERENCES
- https://cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfd
- https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/bypassing-mpx-node-authentication-firmware-analysis
- https://drive.google.com/drive/folders/1jm9h8JNmezTt7AbHYRY7gPC4lXGDNklL
- https://www.exploit-db.com/exploits/50996
- https://www.telosalliance.com/radio-processing/audio-interfaces/omnia-mpx-node