Back

CVE-2024-41987

Oct. 3, 2024, 6:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

TEM Opera Plus FM Family Transmitter

Source

ics-cert@hq.dhs.gov

Tags

CWE-352
ics-cert@hq.dhs.gov
2024-10-03
CVE-2024-41987

CVE-2024-41987 details

Published : Oct. 3, 2024, 6:15 p.m.
Last Modified : Oct. 3, 2024, 6:15 p.m.

Description

The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-352 Cross-Site Request Forgery (CSRF) The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References

URL Source
https://www.cisa.gov/news-events/ics-advisories/icsa-24-277-01 ics-cert@hq.dhs.gov
This website uses the NVD API, but is not approved or certified by it.