CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41988 – Missing Authentication for Critical Function vulnerability in TEM Opera Plus FM Family Transmitter
https://notcve.org/view.php?id=CVE-2024-41988
03 Oct 2024 — TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-01 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41987 – Cross-Site Request Forgery (CSRF) vulnerability in TEM Opera Plus FM Family Transmitter
https://notcve.org/view.php?id=CVE-2024-41987
03 Oct 2024 — The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-01 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2022-2591 – TEM FLEX-1085 reboot denial of service
https://notcve.org/view.php?id=CVE-2022-2591
31 Jul 2022 — A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://www.exploit-db.com/exploits/51438 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 2CVE-2022-1077 – TEM FLEX-1080/FLEX-1085 Log information disclosure
https://notcve.org/view.php?id=CVE-2022-1077
29 Mar 2022 — A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication. • https://github.com/MrEmpy/CVE-2022-1077 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-425: Direct Request ('Forced Browsing') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-1074 – TEM FLEX-1085 injection
https://notcve.org/view.php?id=CVE-2022-1074
29 Mar 2022 — A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input <h1>HTML Injection</h1> in the WiFi settings of the dashboard leads to html injection. Se ha encontrado una vulnerabilidad en TEM FLEX-1085 versión 1.6.0 y ha sido clasificada como problemática. El uso de la entrada (h1)HTML Injection(/h1) en la configuración del WiFi del tablero de mandos conlleva a una inyección de html • https://vuldb.com/?id.194845 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •