PatchSiren

marKoni CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL marKoni CVE published 2024-06-27

CVE-2024-39376

TELSAT marKoni FM Transmitters contain a critical vulnerability that allows unauthorized users to access sensitive information and perform actions beyond their designated permissions. The vulnerability affects Markoni-D (Compact) and Markoni-DH (Exciter+Amplifiers) FM Transmitters running versions prior to 2.0.1. With a CVSS 3.1 score of 9.8, this represents a critical severity issue exploitable remotely [truncated]

CRITICAL marKoni CVE published 2024-06-27

CVE-2024-39375

A critical authentication bypass vulnerability in TELSAT marKoni FM Transmitters allows remote attackers to gain administrator privileges without credentials. The flaw affects Markoni-D (Compact) and Markoni-DH (Exciter+Amplifiers) FM Transmitters running versions prior to 2.0.1. CISA published this advisory on June 27, 2024, with a CVSS 3.1 score of 9.8 (Critical). The vendor has released firmware versio [truncated]

CRITICAL marKoni CVE published 2024-06-27

CVE-2024-39374

TELSAT marKoni FM Transmitters contain a critical vulnerability (CVSS 9.8) in which a hidden administrative account is protected by hard-coded credentials, allowing unauthenticated remote attackers to gain full administrative control. The vulnerability affects Markoni-D (Compact) and Markoni-DH (Exciter+Amplifiers) FM Transmitters prior to version 2.0.1. Because these devices are network-accessible broadc [truncated]

CRITICAL marKoni CVE published 2024-06-27

CVE-2024-39373

A critical command injection vulnerability in TELSAT marKoni FM Transmitters allows unauthenticated remote attackers to gain administrative access by manipulating device settings. The vulnerability affects Markoni-D (Compact) and Markoni-DH (Exciter+Amplifiers) FM Transmitters running versions prior to 2.0.1. With a CVSS 3.1 score of 9.8, this represents maximum severity due to network attack vector, low [truncated]