PT-2024-29676 · Unknown · Tem Opera Plus Fm Family Transmitter
Published: 2024-10-03 · Updated: 2024-10-04 · CVE-2024-41987
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
TEM Opera Plus FM Family Transmitter version 35.45
Description
The TEM Opera Plus FM Family Transmitter application interface lets users perform certain actions via HTTP requests, but it performs no validity checks to verify those requests (cross-site request forgery). If a logged-in user visits a malicious website, this can be exploited to perform certain actions with administrative privileges. An attacker could launch damaging actions remotely.
Recommendations
For TEM Opera Plus FM Family Transmitter version 35.45, patch immediately to prevent exploitation. Monitor for exploit attempts and consider implementing additional security measures to prevent HTTP cross-site request forgery attacks. As a temporary workaround, consider restricting access to the application interface until a patch is applied.
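One way to implement the monitoring and "additional security measures" recommended above is to classify each request by its initiator, either at a filtering proxy in front of the interface or over logged request headers. This is an added example, not vendor code; the trusted origin `http://transmitter.example.internal` and the function names are assumptions, and because the advisory does not say which HTTP methods are affected, the check applies to every request.

```python
from urllib.parse import urlsplit

# Assumption: the single origin operators use to reach the interface.
TRUSTED_ORIGINS = {"http://transmitter.example.internal"}

def _origin_of(url):
    """Reduce an absolute URL to scheme://host[:port]; None if not absolute."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()

def classify(headers, trusted=TRUSTED_ORIGINS):
    """Return 'allow', 'cross-site' or 'unknown' for one request's headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    # Sec-Fetch-Site is set by the browser and cannot be set by page script.
    # Browsers typically send it only to HTTPS endpoints, so it is often absent.
    sfs = h.get("sec-fetch-site")
    if sfs in ("cross-site", "same-site"):
        return "cross-site"
    # Origin must match exactly; the literal "null" is never trusted.
    origin = h.get("origin")
    if origin is not None:
        return "allow" if origin.lower() in trusted else "cross-site"
    # Referer fallback: compare the parsed origin, never a string prefix.
    referer = h.get("referer")
    if referer:
        return "allow" if _origin_of(referer) in trusted else "cross-site"
    if sfs in ("same-origin", "none"):  # "none": typed URL or bookmark
        return "allow"
    # No initiator information (non-browser client or stripped headers):
    # a policy decision; log for review rather than trusting silently.
    return "unknown"

if __name__ == "__main__":
    # Constructed sample header sets, not captured traffic.
    samples = [
        {"Origin": "http://transmitter.example.internal"},
        {"Origin": "null"},
        {"Referer": "http://transmitter.example.internal.evil.example/x"},
        {},
    ]
    for s in samples:
        print(classify(s), s)
```

Requests classified `cross-site` are the ones to reject at the proxy or alert on; `unknown` is worth logging while the interface remains unpatched.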
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Tem Opera Plus Fm Family Transmitter