1. EXECUTIVE SUMMARY
- CVSS v4 9.3
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: TEM
- Equipment: Opera Plus FM Family Transmitter
- Vulnerabilities: Missing Authentication for Critical Function, Cross-Site Request Forgery (CSRF)
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of TEM Opera Plus FM Family Transmitter, an FM transmitter, are affected:
- Opera Plus FM Family Transmitter: Version 35.45
3.2 Vulnerability Overview
3.2.1 Missing Authentication for Critical Function CWE-306
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server’s main interfaces and execute arbitrary code.
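To make the two weaknesses above concrete from a defender's side, here is an added example (not code from the advisory, from TEM, or from the device firmware) that models a file-system image upload handler twice: once with no authentication on the critical function (CWE-306), and once hardened to require an authenticated session plus a per-session CSRF token and a size bound. The endpoint path `/mpfsupload`, the session store, the cookie and header names, and the in-memory `flash` buffer are all assumptions made for the illustration.

```python
"""Added example: unauthenticated vs. hardened image-upload handler.

Assumptions (not from the advisory): the endpoint path, cookie/header names,
the session store and the bytearray standing in for flash program memory.
"""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for the example)."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    body: bytes = b""


# Hypothetical session store: session id -> {"user": ..., "csrf": ...}
SESSIONS: dict = {}
UPLOAD_PATH = "/mpfsupload"  # assumed endpoint name, not the device's real path


def login(user: str) -> str:
    """Create an authenticated session and return its id (constructed helper)."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(16)}
    return sid


def csrf_token_for(sid: str) -> str:
    """Token the legitimate web UI would embed in its upload form."""
    return SESSIONS[sid]["csrf"]


def vulnerable_upload(req: Request, flash: bytearray) -> int:
    """CWE-306 pattern: any POST to the endpoint rewrites the image.

    Nothing identifies the caller, so an unauthenticated network peer can
    replace the file system image that backs the web interface.
    """
    if req.method != "POST" or req.path != UPLOAD_PATH:
        return 404
    flash[: len(req.body)] = req.body
    return 200


def hardened_upload(req: Request, flash: bytearray) -> int:
    """Require an authenticated session, a matching CSRF token and a size bound.

    The CSRF token travels in a custom header that a cross-site form post
    cannot set, so a request that merely rides on the browser's cookie is
    rejected even though the session itself is valid.
    """
    if req.method != "POST" or req.path != UPLOAD_PATH:
        return 404
    sess = SESSIONS.get(req.cookies.get("session", ""))
    if sess is None:
        return 401  # no authenticated session: critical function stays closed
    token = req.headers.get("X-CSRF-Token", "")
    if not hmac.compare_digest(token, sess["csrf"]):
        return 403  # cookie present but no token: looks like CSRF
    if len(req.body) > len(flash):
        return 413  # never let an image spill past the reserved region
    flash[: len(req.body)] = req.body
    return 200


if __name__ == "__main__":
    flash = bytearray(64)
    anon = Request("POST", UPLOAD_PATH, body=b"IMG")
    print("vulnerable, anonymous:", vulnerable_upload(anon, flash))   # 200
    print("hardened, anonymous:", hardened_upload(anon, flash))       # 401
    sid = login("admin")
    forged = Request("POST", UPLOAD_PATH, cookies={"session": sid}, body=b"IMG")
    print("hardened, cookie only:", hardened_upload(forged, flash))   # 403
    ok = Request("POST", UPLOAD_PATH, cookies={"session": sid},
                 headers={"X-CSRF-Token": csrf_token_for(sid)}, body=b"IMG")
    print("hardened, authenticated + token:", hardened_upload(ok, flash))  # 200
```

The `vulnerable_upload` path is the shape the advisory describes: the endpoint is reachable and writes the image regardless of who sent the request. The hardened version closes both weaknesses in order, authentication first so that the CSRF check only ever runs for a real session, and adds the length check because an image that overruns its reserved region is a separate way to corrupt program memory.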
CVE-2024-41988 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-41988. A base score of 9.3 has been calculated; the CVSS vector string is (