What is the critical vulnerability disclosed by MegaSys Computer Technologies?

MegaSys Computer Technologies has disclosed a critical security vulnerability, tracked as CVE-2024-6404, in its Telenium Online Web Application. This flaw results from improper input validation in a Perl script used to load the login page, allowing an attacker to inject arbitrary Perl code via a crafted HTTP request, leading to remote code execution on the server.

What is the severity of CVE-2024-6404?

CVE-2024-6404 has a CVSS score of 9.8, indicating critical severity. It can allow attackers to gain unauthorized system access, potentially leading to significant security risks, including data compromise and full system takeover.

Which versions of the Telenium Online Web Application are affected?

The affected products are Telenium Online Web Application versions 8.3 and prior. These versions are vulnerable to CVE-2024-6404.

What patches are available to fix CVE-2024-6404?

MegaSys Computer Technologies has released patches for the Telenium Online Web Application: Version 7.4.72 and Version 8.3.36. These patches fix the vulnerability and prevent remote code execution.

What can users do if they cannot immediately apply the patches?

Users who are unable to immediately apply the patches are advised to disable the web/browser-based interface of the Telenium Online Web Application as a temporary mitigation to reduce the risk of exploitation.

Advisory

MegaSys Computer Technologies reports critical flaw in its Telenium Online Web Application

published: Sept. 19, 2024

Learn More

MegaSys Computer Technologies has disclosed a critical security vulnerability in its Telenium Online Web Application. The Telenium Online Web Application from MegaSys Computer Technologies is a network management software used primarily in the telecommunications, energy, government, and utility sectors. It allows users to manage their networks effectively by providing real-time monitoring, fault management, and performance analysis.

The flaw, tracked as CVE-2024-6404 (CVSS score 9.8) arises from improper input validation in a Perl script used to load the login page. The vulnerability allows an attacker to inject arbitrary Perl code via a crafted HTTP request, leading to remote code execution on the server. This could result in significant security risks, including unauthorized system access and data compromise.

Affected Products are Telenium Online Web Application: Versions 8.3 and prior.

MegaSys Computer Technologies has released patches for the Telenium Online Web Application:

Version 7.4.72
Version 8.3.36

Users who are unable to immediately apply these patches are advised to disable the web/browser-based interface as a temporary mitigation.

MegaSys Computer Technologies reports critical flaw in its Telenium Online Web Application

Read More
Nvidia reports critical flaw in Container Toolkit allowing …
Maximum severity flaw reported in Fortra's GoAnywhere MFT …
Newest Ivanti critical vulnerability massively exploited
Oracle releases hundreds of patches in a massive …
Citrix ShareFile RCE Vulnerability Exploited