Create CVE-2022-36642.md

add CVE-2022-36642
2025-06-20 18:00:22 +00:00 · 2023-05-23 15:57:06 +08:00 · 2023-05-23 15:57:06 +08:00 · 67d6f924d8
commit 67d6f924d8
parent 47ee82d59e
1 changed files with 12 additions and 0 deletions
--- a/CVE-2022-36642.md
+++ b/CVE-2022-36642.md
@ -0,0 +1,12 @@
+## Telos Alliance Omnia MPX Node downloadMainLog fnameFile Reading Vulnerability(CVE-2022-36642)
+
+|   **Vulnerability**  | **Telos Alliance Omnia MPX Node downloadMainLog fnameFile Reading Vulnerability(CVE-2022-36642)**  |
+| :----:   | :-----|
+|  **Chinese name**  | Telos Alliance Omnia MPX Node 硬件编解码器 downloadMainLog 文件 fname 参数文件读取漏洞（CVE-2022-36642） |
+| **CVSS core**  | 7.6 |
+| **FOFA Query**  (click to view the results directly)| [body="Omnia MPX"](https://en.fofa.info/result?qbase64=Ym9keT0iT21uaWEgTVBYIg%3D%3D) |
+| **Number of assets affected**  | 49 |
+| **Description**  | Telos Alliance Omnia MPX Node is a special hardware codec of Telos Alliance of the United States. Ability to leverage Omnia μ The MPXTM algorithm sends or receives complete FM signals at data rates as low as 320 kbps, making it ideal for networks with limited capacity, including IP radios. There is a security vulnerability in Telos Alliance Omnia MPX Node 1.5.0+r1 and earlier versions, which originates from the local file disclosure vulnerability in/appConfig/userDB.json. An attacker uses this vulnerability to elevate privileges to root and execute arbitrary commands. |
+| **Impact** | There is a security vulnerability in Telos Alliance Omnia MPX Node 1.5.0+r1 and earlier versions, which originates from the local file disclosure vulnerability in/appConfig/userDB.json. An attacker uses this vulnerability to elevate privileges to root and execute arbitrary commands. |
+
+![](https://s3.bmp.ovh/imgs/2023/05/23/e024d90bde2b5088.gif)