CVE-2022-45562

Published: Dec 2, 2022Modified: Apr 24, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access.

Affected (1)

Products: Telosalliance: Omnia Mpx Node Firmware

1 product

Omnia Mpx Node Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Telosalliance Omnia Mpx Node Firmware	From 1.0.0 to 1.4.9

Running on/with	Platform Versions
Telosalliance Omnia Mpx Node	All versions

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-45562

Source: cve@mitre.org

ExploitThird Party Advisory

https://cyber-guy.gitbook.io/cyber-guys-blog/pocs/cve-2022-45562

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.