CVE-2024-39376
published 2024-06-27CVE-2024-39376: TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated…
PriorityP345critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.47%
37.0th percentile
TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated permissions.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| markoni | markoni-d_firmware | < 2.0.1 | 2.0.1 |
| markoni | markoni-d_fm_transmitters | < 2.0.1 | 2.0.1 |
| markoni | markoni-dh_firmware | < 2.0.1 | 2.0.1 |
| markoni | markoni-dh_fm_transmitters | < 2.0.1 | 2.0.1 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v93q-27w5-6jq6: TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designa
ghsa_unreviewed·2024-06-27
CVE-2024-39376 [CRITICAL] CWE-284 GHSA-v93q-27w5-6jq6: TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designa
TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated permissions.
CISA ICS
TELSAT marKoni FM Transmitter
cisa_ics·2024-06-27·CVSS 9.3
[CRITICAL] TELSAT marKoni FM Transmitter
ICS Advisory
##
TELSAT marKoni FM Transmitter
Release DateJune 27, 2024
Alert CodeICSA-24-179-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: marKoni
- Equipment: Markoni-D (Compact) FM Transmitters, Markoni-DH (Exciter+Amplifiers) FM Transmitters
- Vulnerabilities: Command Injection, Use of Hard-coded Credentials, Use of Client-Side Authentication, Improper Access Control
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to tamper with the product to bypass authentication or perform remote code execution.
## 3. TECHNICAL DETA
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-06-27
Published