TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection

TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to gain unauthorized access to the system with administrative privileges by exploiting the url parameter in the HTTP GET request to ekafcgi.fcgi.

access administrative privileges attacker can code code execution command command injection email exploit info injection privileges remote code remote code execution root service settings system transmitter unauthenticated unauthorized unauthorized access version version 1 vulnerability wan wget