TEM Opera Plus FM Family Transmitter firmware version 35.45 contains a critical unauthenticated file upload vulnerability. An exposed endpoint permits MPFS File System binary image uploads without authentication. The MPFS file system underpins the device's HTTP2 web server module and is also utilized by the SNMP module and other applications requiring basic read-only storage. Successful exploitation allow [truncated]
A critical cross-site request forgery (CSRF) vulnerability exists in the TEM Opera Plus FM Family Transmitter application interface. The interface fails to validate HTTP requests, allowing attackers to perform administrative actions if a logged-in user visits a malicious website. This vulnerability was disclosed by CISA on October 3, 2024, after TEM did not respond to coordination requests. The affected p [truncated]
