CVE-2024-39373

🗓️ 27 Jun 2024 15:59:20Reported by icscertType

cve🔗 web.nvd.nist.gov👁 57 Views🌐 WEB

TELSAT marKoni FM Transmitters command injection vulnerabilit

Reporter	Title	Published	Views	Family All 9
Cvelist	CVE-2024-39373 Improper Neutralization of Special Elements used in a Command in TELSAT marKoni FM Transmitter	27 Jun 202415:59	–	cvelist
EUVD	EUVD-2024-37923	3 Oct 202520:07	–	euvd
ICS	TELSAT marKoni FM Transmitter	27 Jun 202406:00	–	ics
NVD	CVE-2024-39373	27 Jun 202416:15	–	nvd
OSV	CVE-2024-39373	27 Jun 202416:15	–	osv
Positive Technologies	PT-2024-28474 · Telsat · Telsat Markoni Fm Transmitters	27 Jun 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-39373	9 Jan 202608:33	–	redhatcve
Vulnrichment	CVE-2024-39373 Improper Neutralization of Special Elements used in a Command in TELSAT marKoni FM Transmitter	27 Jun 202415:59	–	vulnrichment
Zero Science Lab	TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection PoC Exploit	30 Jan 202400:00	–	zeroscience

NVD

Vulners

Vulnrichment

Node

markoni markoni-d_(compact)_firmwareRange<2.0.1

AND

markoni markoni-d_(compact)Match-

Node

markoni markoni-dh_(exciter+amplifiers)_firmwareRange<2.0.1

AND

markoni markoni-dh_(exciter+amplifiers)Match-

[
  {
    "defaultStatus": "unaffected",
    "product": "Markoni-D (Compact) FM Transmitters",
    "vendor": "marKoni",
    "versions": [
      {
        "lessThan": "2.0.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Markoni-DH (Exciter+Amplifiers) FM Transmitters",
    "vendor": "marKoni",
    "versions": [
      {
        "lessThan": "2.0.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-24-179-01

Parameter	Position	Path	Description	CWE
url	query param	/cgi-bin/ekafcgi.fcgi?OpCode=26	Command injection via the url parameter in GET requests to ekafcgi.fcgi on /cgi-bin/ekafcgi.fcgi, enabling unauthenticated remote code execution with root privileges.	CWE-77

21 Nov 2024 09:27Current

8High risk

Vulners AI Score8

CVSS 3.17.2

CVSS 49.3

EPSS0.00496

SSVC

CWE-77

telsat markoni fm transmitters command injection unauthorized access administrative privileges