Описание
An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:1.3.37:*:*:*:*:*:*:*
cpe:2.3:h:telosalliance:omnia_mpx_node:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:telosalliance:omnia_mpx_node_firmware:1.3.35:*:*:*:*:*:*:*
cpe:2.3:h:telosalliance:omnia_mpx_node:-:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.29987
Средний
9.8 Critical
CVSS3
Дефекты
CWE-78
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
около 3 лет назад
An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.
EPSS
Процентиль: 97%
0.29987
Средний
9.8 Critical
CVSS3
Дефекты
CWE-78
CWE-78