Headline
CVE-2022-45562: CVE-2022-45562
Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access.
CVE ID: CVE-2022-45562
CVE Author: Momen Eldawakhly (Cyber Guy)
Description:
Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to execute arbitrary system commands and access sensitive data.
PoC Image:
Functions That Should Admin Access [Full]
Functions That Should Backddor Account [Reset] Access [Limited]
Admin Can Access Critical Functions Such System Setup For Example
Exploit | Backdoor Account Can Access Critical Functions
Related news
D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.