MegaSys Telenium Online Web Application Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the Telenium Online Web Application by MegaSys Computer Technologies, affecting versions through 8.3. This vulnerability arises from improper input validation in a Perl script that loads the login page. An attacker can exploit this flaw by injecting arbitrary Perl code through a crafted HTTP request, which is then executed on the server.

Impact

Exploitation of this vulnerability allows for arbitrary Perl code injection, leading to remote code execution on the server.

Remediation

Users can upgrade to Telenium Online Web Application versions 7.4.72 or 8.3.36 to address this vulnerability. If immediate installation of the patched versions is not possible, MegaSys Computer Technologies recommends disabling the web interface as a temporary measure. For further assistance, contact MegaSys Computer Technologies support.