CISA reports several critical vulnerabilities in TELSAT marKoni’s Markoni-D FM Transmitters
Take action: If you are using TELSAT marKoni's Markoni-D (Compact) or Markoni-DH FM transmitters, patch them as soon as possible. They should be isolated from the internet, although that may not always be practical.
CISA is reporting several critical vulnerabilities found in TELSAT marKoni’s Markoni-D (Compact) and Markoni-DH (Exciter+Amplifiers) FM Transmitters.
The vulnerabilities can be exploited remotely with low attack complexity, and public exploits are already available.
- CVE-2024-39373 (CVSS score 9.8) - Unauthorized access with administrative privileges through command injection.
- CVE-2024-39374 (CVSS score 9.8) - Exploitation of a hidden admin account via hard-coded credentials.
- CVE-2024-39375 (CVSS score 9.8) - Authentication bypass and gaining administrator privileges.
- CVE-2024-39376 (CVSS score 9.8) - Unauthorized access to sensitive information or actions beyond user permissions.
Exploitation of these vulnerabilities can allow attackers to bypass authentication or execute remote code, potentially tampering with the device and compromising its security.
The identified issues include command injection, the use of hard-coded credentials, client-side authentication, and improper access control.
Affected products:
- Markoni-D (Compact) FM Transmitters: All versions prior to 2.0.1
- Markoni-DH (Exciter+Amplifiers) FM Transmitters: All versions prior to 2.0.1
Markoni has released Version 2.0.1 of the TELSAT marKoni FM Transmitter to address these vulnerabilities.