.. / CVE-2022-36642

Exploit for Omnia MPX 1.5.0+r1 - Local File Inclusion (CVE-2022-36642)

Description:

Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel.

Nuclei Template

View the template here CVE-2022-36642.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-36642.yaml
Copy

References:

https://www.exploit-db.com/exploits/50996
https://nvd.nist.gov/vuln/detail/CVE-2022-36642
https://www.telosalliance.com/radio-processing/audio-interfaces/omnia-mpx-node
https://cyber-guy.gitbook.io/cyber-guy/pocs/omnia-node-mpx-auth-bypass-via-lfd