Main Vulnerability Database Vulnerabilities #VU98074

#VU98074 Missing Authentication for Critical Function in Opera Plus FM Family Transmitter - CVE-2024-41988

Published: October 7, 2024

Vulnerability identifier: #VU98074

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2024-41988

CWE-ID: CWE-306

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Opera Plus FM Family Transmitter

Software vendor:
TEM

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the affected product allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. A remote attacker can overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-01

#VU98074 Missing Authentication for Critical Function in Opera Plus FM Family Transmitter - CVE-2024-41988

Description

Remediation

External links

Please verify you're human