CVE-2024-39374

9.8 CRITICAL

📋 TL;DR

TELSAT marKoni FM Transmitters contain a hidden admin account with hard-coded credentials, allowing attackers to gain administrative access. This affects all organizations using vulnerable TELSAT marKoni FM Transmitters. Attackers can fully compromise the transmitter systems.

💻 Affected Systems

Products:
  • TELSAT marKoni FM Transmitters
Versions: All versions prior to patched versions
Operating Systems: Embedded/ICS systems
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable due to hard-coded credentials.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of FM transmitter systems allowing unauthorized broadcast control, signal manipulation, or system shutdown.

🟠 Likely Case

Unauthorized administrative access leading to configuration changes, service disruption, or data exfiltration.

🟢 If Mitigated

Limited impact if network segmentation and access controls prevent external access to management interfaces.

🌐 Internet-Facing: HIGH if management interfaces are exposed to the internet, allowing remote exploitation.
🏢 Internal Only: HIGH as internal attackers or compromised internal systems can exploit the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of hard-coded credentials and network access to management interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with TELSAT for specific patched versions

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-01

Restart Required: Yes

Instructions:

  1. Contact TELSAT for firmware updates.
  2. Apply firmware patch.
  3. Restart transmitter.
  4. Change all default credentials.

🔧 Temporary Workarounds

Network Segmentation (all)

Isolate transmitter management interfaces from untrusted networks

Access Control Lists (all)

Implement strict firewall rules limiting access to management interfaces

🧯 If You Can't Patch

  • Implement network segmentation to isolate transmitters from untrusted networks
  • Monitor for unauthorized access attempts to management interfaces

🔍 How to Verify

Check if Vulnerable:

Check if transmitter uses default/hard-coded credentials and if management interface is accessible

Check Version:

Check transmitter web interface or contact TELSAT for version verification

Verify Fix Applied:

Verify firmware version is updated and test that hard-coded credentials no longer work

📡 Detection & Monitoring

Log Indicators:

  • Failed login attempts, successful logins from unexpected sources, configuration changes

Network Indicators:

  • Unauthorized access to management ports, unusual traffic patterns to transmitter IPs

SIEM Query:

source_ip=transmitter_management_interface AND (event_type=authentication OR event_type=configuration_change)
