CVE-2022-43326

Published: Nov 29, 2022Modified: Apr 25, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords.

Affected (1)

Products: Telosalliance: Omnia Mpx Node Firmware

Telosalliance

1 product

Omnia Mpx Node Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Telosalliance Omnia Mpx Node Firmware	From 1.0.0 to 1.5.0

Running on/with	Platform Versions
Telosalliance Omnia Mpx Node	All versions

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-43326

Source: cve@mitre.org

ExploitThird Party Advisory

https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-43326

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.