CVE-2022-36642 PoC — Telos Alliance Omnia MPX Node 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-36642.yaml

Associated Vulnerability

Title:Telos Alliance Omnia MPX Node 安全漏洞 (CVE-2022-36642)
Description:Telos Alliance Omnia MPX Node是美国Telos Alliance公司的一个专用硬件编解码器。能够利用 Omnia μMPXTM 算法以低至 320 kbps 的数据速率发送或接收完整的 FM 信号，非常适合容量有限的网络（包括 IP 无线电）。 Telos Alliance Omnia MPX Node 1.5.0+r1版本及之前版本存在安全漏洞，该漏洞源于/appConfig/userDB.json 存在本地文件泄露漏洞。攻击者利用该漏洞提升权限到 root 并执行任意命令。

Description

Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel.

File Snapshot


 id: CVE-2022-36642

info:
  name: Omnia MPX 1.5.0+r1 - Local File Inclusion
  author: arafatansari,r

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!