Omnia MPX 1.5.0+r1 - Local File Inclusion

Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel. id: CVE-2022-36642 info: name: Omnia MPX 1.5.0+r1 - Local Fi...

EUVD-2022-46364

Malicious code in bioql PyPI...

CVE-2022-43325

An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3. - 1.4. allows attackers to execute arbitrary commands via a crafted payload injected into the license input...

CVE-2022-45562

Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high...

CVE-2022-43326

An Insecure Direct Object Reference IDOR vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4. allows attackers to arbitrarily change user and Administrator account passwords...

CVE-2022-36642

A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive...

CVE-2022-45562

Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high...

Design/Logic Flaw

Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high...

Command injection

An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3. - 1.4. allows attackers to execute arbitrary commands via a crafted payload injected into the license input...

CVE-2022-45562

The CVE-2022-45562 entry affects Telos Alliance Omnia MPX Node versions 1.0.0 through 1.4.9. A vulnerability from insecure permissions allows an attacker with backdoor low privilege to manipulate and access system settings, potentially changing hardware settings and executing arbitrary commands i...

CVE-2022-43325

CVE-2022-43325 is an unauthenticated command-injection vulnerability in the Telos Alliance Omnia MPX Node license validation feature, affecting versions 1.3.* through 1.4.*. A crafted payload in the license input can allow execution of arbitrary commands. Public sources in connected documents cor...

CVE-2022-45562

Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high...

CVE-2022-43325

An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3. - 1.4. allows attackers to execute arbitrary commands via a crafted payload injected into the license input...

PT-2022-27575 · Telos Alliance · Telos Alliance Omnia Mpx Node

Name of the Vulnerable Software and Affected Versions: Telos Alliance Omnia MPX Node versions 1.0.0 through 1.4.9 Description: The issue allows attackers to manipulate and access system settings using a backdoor account with low privilege. This can lead to changes in hardware settings and the...

CVE-2022-43325

An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3. - 1.4. allows attackers to execute arbitrary commands via a crafted payload injected into the license input...

Telos Alliance Omnia MPX Node Insecure Direct Object Reference Vulnerability

The Telos Alliance Omnia MPX Node is a specialized hardware codec from Telos Alliance, USA. Capable of transmitting or receiving full FM signals at data rates as low as 320 kbps using the Omnia μMPXTM algorithm, it is ideally suited for capacity-limited networks, including IP radios. An insecure...

CVE-2022-43326

An Insecure Direct Object Reference IDOR vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4. allows attackers to arbitrarily change user and Administrator account passwords...

Default credentials

An Insecure Direct Object Reference IDOR vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4. allows attackers to arbitrarily change user and Administrator account passwords...

CVE-2022-43326

An Insecure Direct Object Reference IDOR vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4. allows attackers to arbitrarily change user and Administrator account passwords...

Telos Alliance Omnia MPX Node 安全漏洞

The Telos Alliance Omnia MPX Node is a specialized hardware codec from Telos Alliance, USA. Capable of transmitting or receiving full FM signals at data rates as low as 320 kbps using the Omnia μMPXTM algorithm, it is ideally suited for capacity-limited networks, including IP radios. An insecure...