CVE-2022-36642: Omnia Node MPX Auth Bypass via LFD
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands.
Through this vulnerability you can read all stored credentials, including those of the admin/high-level accounts. With them you can upload new firmware, which could be crafted to achieve remote command execution; edit the network configuration (e.g. DNS); monitor the traffic; change passwords or even the server's IP address; and control the hardware itself. In short, the attacker obtains the users' credentials and uses them to access the panel.
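A detection sketch for the access described above, added here as an example and not code from the advisory or the vendor: it scans web access logs for requests to `/appConfig/userDB.json` and lists later requests from any client that received the file. The Combined Log Format, the reverse proxy assumed to produce it, and the sample lines (including the `/login` path) are assumptions.

```python
import re
from posixpath import normpath
from urllib.parse import unquote, urlsplit

SENSITIVE_PATH = "/appConfig/userDB.json"  # path named in the advisory

# Combined Log Format, e.g. from a reverse proxy in front of the node (assumption).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def canonical_path(target: str) -> str:
    """Drop the query string, decode percent-encoding twice, collapse dot segments."""
    path = urlsplit(target).path
    for _ in range(2):
        path = unquote(path)
    return normpath("/" + path.lstrip("/"))

def find_userdb_access(lines):
    """Return (hits, followups): requests for userDB.json, and later requests
    from any client that received a 200 response for it."""
    hits, followups, exposed_to = [], [], set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = canonical_path(m["target"])
        if path == SENSITIVE_PATH:
            disclosed = m["status"] == "200"
            hits.append((m["ip"], m["ts"], m["target"], disclosed))
            if disclosed:
                exposed_to.add(m["ip"])  # credentials should be treated as leaked
        elif m["ip"] in exposed_to:
            followups.append((m["ip"], m["ts"], m["method"], path))
    return hits, followups

# Constructed sample log lines (not taken from a real device).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Aug/2022:10:02:13 +0000] "GET /appConfig/userDB.json HTTP/1.1" 200 1834',
    '198.51.100.7 - - [01/Aug/2022:10:03:40 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.5 - - [01/Aug/2022:10:05:00 +0000] "GET /appConfig/./userDB.json?v=1 HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    hits, followups = find_userdb_access(SAMPLE_LOG)
    for h in hits:
        print("userDB.json request (ip, time, target, disclosed):", h)
    for f in followups:
        print("follow-up from exposed client:", f)
```

Any hit with `disclosed` set means every account in the file needs its password rotated, and the follow-up list is where to start reviewing what that client did next.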