Search criteria
8 vulnerabilities by electrolink
CVE-2025-28228 (GCVE-0-2025-28228)
Vulnerability from cvelistv5 – Published: 2025-04-18 00:00 – Updated: 2025-04-22 14:52
VLAI?
Summary
A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2 allows unauthorized attackers to access credentials in plaintext.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-28228",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T14:52:25.199919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T14:52:55.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-28228"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2 allows unauthorized attackers to access credentials in plaintext."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T14:53:16.047Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-28228"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-28228",
"datePublished": "2025-04-18T00:00:00.000Z",
"dateReserved": "2025-03-11T00:00:00.000Z",
"dateUpdated": "2025-04-22T14:52:55.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3742 (GCVE-0-2024-3742)
Vulnerability from cvelistv5 – Published: 2024-04-18 22:15 – Updated: 2024-08-01 20:20
VLAI?
Title
Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information
Summary
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.
Severity ?
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Electrolink | Compact DAB Transmitter |
Affected:
10W
Affected: 100W Affected: 250W |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "medium dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "2kW, 1kW, 500W"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "digital fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "15W"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vhf tv transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "BI"
},
{
"status": "affected",
"version": "BIII"
},
{
"status": "affected",
"version": "10W"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "high power dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "5kW"
},
{
"status": "affected",
"version": "4kW"
},
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "2.5kW"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "10W"
},
{
"status": "affected",
"version": "100W"
},
{
"status": "affected",
"version": "250W"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modular fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "5kW"
},
{
"status": "affected",
"version": "10kW"
},
{
"status": "affected",
"version": "15kW"
},
{
"status": "affected",
"version": "20kW"
},
{
"status": "affected",
"version": "30kW"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T15:38:32.607032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:32:02.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:00.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "10W"
},
{
"status": "affected",
"version": "100W"
},
{
"status": "affected",
"version": "250W"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Medium DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "High Power DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "2.5kW"
},
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "4kW"
},
{
"status": "affected",
"version": "5kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Compact FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "Compact FM Transmitter"
},
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modular FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "5kW"
},
{
"status": "affected",
"version": "10kW"
},
{
"status": "affected",
"version": "15kW"
},
{
"status": "affected",
"version": "20kW"
},
{
"status": "affected",
"version": "30kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digital FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "40kW",
"status": "affected",
"version": "15W",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "BI"
},
{
"status": "affected",
"version": "BIII"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "5kW",
"status": "affected",
"version": "10W",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system."
}
],
"value": "Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:52:22.524Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"source": {
"advisory": "ICSA-24-107-02",
"discovery": "EXTERNAL"
},
"title": "Electrolink FM/DAB/TV Transmitter Cleartext Storage of Sensitive Information",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\"\u003eElectrolink\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-3742",
"datePublished": "2024-04-18T22:15:35.521Z",
"dateReserved": "2024-04-12T19:46:39.173Z",
"dateUpdated": "2024-08-01T20:20:00.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1491 (GCVE-0-2024-1491)
Vulnerability from cvelistv5 – Published: 2024-04-18 22:13 – Updated: 2024-08-01 18:40
VLAI?
Title
Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function
Summary
The devices allow access to an unprotected endpoint that allows MPFS
file system binary image upload without authentication. The MPFS2 file
system module provides a light-weight read-only file system that can be
stored in external EEPROM, external serial flash, or internal flash
program memory. This file system serves as the basis for the HTTP2 web
server module, but is also used by the SNMP module and is available to
other applications that require basic read-only storage capabilities.
This can be exploited to overwrite the flash program memory that holds
the web server's main interfaces and execute arbitrary code.
Severity ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Electrolink | Compact DAB Transmitter |
Affected:
10W
Affected: 100W Affected: 250W |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:0xacab:mat2:0.10.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mat2",
"vendor": "0xacab",
"versions": [
{
"status": "affected",
"version": "0.10.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1491",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T00:25:00.939738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:01:37.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "10W"
},
{
"status": "affected",
"version": "100W"
},
{
"status": "affected",
"version": "250W"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Medium DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "High Power DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "2.5kW"
},
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "4kW"
},
{
"status": "affected",
"version": "5kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Compact FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "Compact FM Transmitter"
},
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modular FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "5kW"
},
{
"status": "affected",
"version": "10kW"
},
{
"status": "affected",
"version": "15kW"
},
{
"status": "affected",
"version": "20kW"
},
{
"status": "affected",
"version": "30kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digital FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "40kW",
"status": "affected",
"version": "15W",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "BI"
},
{
"status": "affected",
"version": "BIII"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "5kW",
"status": "affected",
"version": "10W",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The devices allow access to an unprotected endpoint that allows MPFS \nfile system binary image upload without authentication. The MPFS2 file \nsystem module provides a light-weight read-only file system that can be \nstored in external EEPROM, external serial flash, or internal flash \nprogram memory. This file system serves as the basis for the HTTP2 web \nserver module, but is also used by the SNMP module and is available to \nother applications that require basic read-only storage capabilities. \nThis can be exploited to overwrite the flash program memory that holds \nthe web server\u0027s main interfaces and execute arbitrary code."
}
],
"value": "The devices allow access to an unprotected endpoint that allows MPFS \nfile system binary image upload without authentication. The MPFS2 file \nsystem module provides a light-weight read-only file system that can be \nstored in external EEPROM, external serial flash, or internal flash \nprogram memory. This file system serves as the basis for the HTTP2 web \nserver module, but is also used by the SNMP module and is available to \nother applications that require basic read-only storage capabilities. \nThis can be exploited to overwrite the flash program memory that holds \nthe web server\u0027s main interfaces and execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:51:09.051Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"source": {
"advisory": "ICSA-24-107-02",
"discovery": "EXTERNAL"
},
"title": "Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\"\u003eElectrolink\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-1491",
"datePublished": "2024-04-18T22:13:54.962Z",
"dateReserved": "2024-02-14T15:46:18.806Z",
"dateUpdated": "2024-08-01T18:40:21.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21846 (GCVE-0-2024-21846)
Vulnerability from cvelistv5 – Published: 2024-04-18 22:12 – Updated: 2024-08-01 22:27
VLAI?
Title
Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function
Summary
An unauthenticated attacker can reset the board and stop transmitter
operations by sending a specially-crafted GET request to the command.cgi
gateway, resulting in a denial-of-service scenario.
Severity ?
5.3 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Electrolink | Compact DAB Transmitter |
Affected:
10W
Affected: 100W Affected: 250W |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "10w"
},
{
"status": "affected",
"version": "100w"
},
{
"status": "affected",
"version": "250w"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "medium dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "500w"
},
{
"status": "affected",
"version": "1kw"
},
{
"status": "affected",
"version": "2kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "high power dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "2.5kw"
},
{
"status": "affected",
"version": "3kw"
},
{
"status": "affected",
"version": "4kw"
},
{
"status": "affected",
"version": "5kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "500w"
},
{
"status": "affected",
"version": "1kw"
},
{
"status": "affected",
"version": "2kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modular fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "3kw"
},
{
"status": "affected",
"version": "5kw"
},
{
"status": "affected",
"version": "10kw"
},
{
"status": "affected",
"version": "15kw"
},
{
"status": "affected",
"version": "20kw"
},
{
"status": "affected",
"version": "30kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "digital fm transmitter",
"vendor": "electrolink",
"versions": [
{
"lessThanOrEqual": "40kw",
"status": "affected",
"version": "15w",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vhf tv transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "bi"
},
{
"status": "affected",
"version": "biii"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:uhf_tv_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "uhf tv transmitter",
"vendor": "electrolink",
"versions": [
{
"lessThanOrEqual": "5kw",
"status": "affected",
"version": "10w",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T18:21:24.697645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T18:45:39.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "10W"
},
{
"status": "affected",
"version": "100W"
},
{
"status": "affected",
"version": "250W"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Medium DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "High Power DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "2.5kW"
},
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "4kW"
},
{
"status": "affected",
"version": "5kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Compact FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "Compact FM Transmitter"
},
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modular FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "5kW"
},
{
"status": "affected",
"version": "10kW"
},
{
"status": "affected",
"version": "15kW"
},
{
"status": "affected",
"version": "20kW"
},
{
"status": "affected",
"version": "30kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digital FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "40kW",
"status": "affected",
"version": "15W",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "BI"
},
{
"status": "affected",
"version": "BIII"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "5kW",
"status": "affected",
"version": "10W",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated attacker can reset the board and stop transmitter \noperations by sending a specially-crafted GET request to the command.cgi\n gateway, resulting in a denial-of-service scenario."
}
],
"value": "An unauthenticated attacker can reset the board and stop transmitter \noperations by sending a specially-crafted GET request to the command.cgi\n gateway, resulting in a denial-of-service scenario."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:49:31.786Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"source": {
"advisory": "ICSA-24-107-02",
"discovery": "EXTERNAL"
},
"title": "Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\"\u003eElectrolink\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-21846",
"datePublished": "2024-04-18T22:12:36.533Z",
"dateReserved": "2024-01-05T22:07:42.993Z",
"dateUpdated": "2024-08-01T22:27:36.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21872 (GCVE-0-2024-21872)
Vulnerability from cvelistv5 – Published: 2024-04-18 22:10 – Updated: 2024-08-01 22:27
VLAI?
Title
Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking
Summary
The device allows an unauthenticated attacker to bypass authentication
and modify the cookie to reveal hidden pages that allows more critical
operations to the transmitter.
Severity ?
CWE
- CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Electrolink | Compact DAB Transmitter |
Affected:
10W
Affected: 100W Affected: 250W |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "high power dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modular fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "digital fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vhf tv transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T19:24:23.118747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:59.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "10W"
},
{
"status": "affected",
"version": "100W"
},
{
"status": "affected",
"version": "250W"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Medium DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "High Power DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "2.5kW"
},
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "4kW"
},
{
"status": "affected",
"version": "5kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Compact FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "Compact FM Transmitter"
},
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modular FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "5kW"
},
{
"status": "affected",
"version": "10kW"
},
{
"status": "affected",
"version": "15kW"
},
{
"status": "affected",
"version": "20kW"
},
{
"status": "affected",
"version": "30kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digital FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "40kW",
"status": "affected",
"version": "15W",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "BI"
},
{
"status": "affected",
"version": "BIII"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "5kW",
"status": "affected",
"version": "10W",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The device allows an unauthenticated attacker to bypass authentication \nand modify the cookie to reveal hidden pages that allows more critical \noperations to the transmitter."
}
],
"value": "The device allows an unauthenticated attacker to bypass authentication \nand modify the cookie to reveal hidden pages that allows more critical \noperations to the transmitter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-565",
"description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:48:11.887Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"source": {
"advisory": "ICSA-24-107-02",
"discovery": "EXTERNAL"
},
"title": "Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\"\u003eElectrolink\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-21872",
"datePublished": "2024-04-18T22:10:42.293Z",
"dateReserved": "2024-01-05T22:07:42.977Z",
"dateUpdated": "2024-08-01T22:27:36.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22186 (GCVE-0-2024-22186)
Vulnerability from cvelistv5 – Published: 2024-04-18 22:08 – Updated: 2024-08-08 15:41
VLAI?
Title
Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking
Summary
The application suffers from a privilege escalation vulnerability. An
attacker logged in as guest can escalate his privileges by poisoning the
cookie to become administrator.
Severity ?
CWE
- CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Electrolink | Compact DAB Transmitter |
Affected:
10W
Affected: 100W Affected: 250W |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "10w"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "100w"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "250w"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "medium dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "1kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "medium dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "2kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "medium dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "500w"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "high power dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "2.5kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "high power dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "3kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "high power dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "4kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "high power dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "5kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "500w"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "1kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "2kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modular fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "3kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modular fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "5kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modular fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "10kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modular fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "15kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modular fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "20kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modular fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "30kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "digital fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "15w"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vhf tv transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "bi"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vhf tv transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "bii"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:uhf_tv_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "uhf tv transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "10w"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22186",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T17:13:45.522317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T15:41:44.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "10W"
},
{
"status": "affected",
"version": "100W"
},
{
"status": "affected",
"version": "250W"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Medium DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "High Power DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "2.5kW"
},
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "4kW"
},
{
"status": "affected",
"version": "5kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Compact FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "Compact FM Transmitter"
},
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modular FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "5kW"
},
{
"status": "affected",
"version": "10kW"
},
{
"status": "affected",
"version": "15kW"
},
{
"status": "affected",
"version": "20kW"
},
{
"status": "affected",
"version": "30kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digital FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "40kW",
"status": "affected",
"version": "15W",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "BI"
},
{
"status": "affected",
"version": "BIII"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "5kW",
"status": "affected",
"version": "10W",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application suffers from a privilege escalation vulnerability. An \nattacker logged in as guest can escalate his privileges by poisoning the\n cookie to become administrator."
}
],
"value": "The application suffers from a privilege escalation vulnerability. An \nattacker logged in as guest can escalate his privileges by poisoning the\n cookie to become administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-565",
"description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:46:35.737Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"source": {
"advisory": "ICSA-24-107-02",
"discovery": "EXTERNAL"
},
"title": "Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\"\u003eElectrolink\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-22186",
"datePublished": "2024-04-18T22:08:17.798Z",
"dateReserved": "2024-01-05T22:07:42.986Z",
"dateUpdated": "2024-08-08T15:41:44.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22179 (GCVE-0-2024-22179)
Vulnerability from cvelistv5 – Published: 2024-04-18 22:06 – Updated: 2024-08-01 22:35
VLAI?
Title
Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data
Summary
The application is vulnerable to an unauthenticated parameter
manipulation that allows an attacker to set the credentials to blank
giving her access to the admin panel. Also vulnerable to account
takeover and arbitrary password change.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Electrolink | Compact DAB Transmitter |
Affected:
10W
Affected: 100W Affected: 250W |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "10w"
},
{
"status": "affected",
"version": "100w"
},
{
"status": "affected",
"version": "250w"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "medium dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "500w"
},
{
"status": "affected",
"version": "1kw"
},
{
"status": "affected",
"version": "2kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "high power dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "2.5kw"
},
{
"status": "affected",
"version": "3kw"
},
{
"status": "affected",
"version": "4kw"
},
{
"status": "affected",
"version": "5kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "500w"
},
{
"status": "affected",
"version": "1kw"
},
{
"status": "affected",
"version": "2kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modular fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "3kw"
},
{
"status": "affected",
"version": "5kw"
},
{
"status": "affected",
"version": "10kw"
},
{
"status": "affected",
"version": "15kw"
},
{
"status": "affected",
"version": "20kw"
},
{
"status": "affected",
"version": "30kw"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "digital fm transmitter",
"vendor": "electrolink",
"versions": [
{
"lessThanOrEqual": "40kw",
"status": "affected",
"version": "15w",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vhf tv transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "bi"
},
{
"status": "affected",
"version": "biii"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:uhf_tv_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "uhf tv transmitter",
"vendor": "electrolink",
"versions": [
{
"lessThanOrEqual": "5kw",
"status": "affected",
"version": "10w",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T14:46:38.775197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T15:05:06.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "10W"
},
{
"status": "affected",
"version": "100W"
},
{
"status": "affected",
"version": "250W"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Medium DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "High Power DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "2.5kW"
},
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "4kW"
},
{
"status": "affected",
"version": "5kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Compact FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "Compact FM Transmitter"
},
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modular FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "5kW"
},
{
"status": "affected",
"version": "10kW"
},
{
"status": "affected",
"version": "15kW"
},
{
"status": "affected",
"version": "20kW"
},
{
"status": "affected",
"version": "30kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digital FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "40kW",
"status": "affected",
"version": "15W",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "BI"
},
{
"status": "affected",
"version": "BIII"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "5kW",
"status": "affected",
"version": "10W",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The application is vulnerable to an unauthenticated parameter \nmanipulation that allows an attacker to set the credentials to blank \ngiving her access to the admin panel. Also vulnerable to account \ntakeover and arbitrary password change."
}
],
"value": "The application is vulnerable to an unauthenticated parameter \nmanipulation that allows an attacker to set the credentials to blank \ngiving her access to the admin panel. Also vulnerable to account \ntakeover and arbitrary password change."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-302",
"description": "CWE-302",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:45:02.057Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"source": {
"advisory": "ICSA-24-107-02",
"discovery": "EXTERNAL"
},
"title": "Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\"\u003eElectrolink\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-22179",
"datePublished": "2024-04-18T22:06:26.781Z",
"dateReserved": "2024-01-05T22:07:42.998Z",
"dateUpdated": "2024-08-01T22:35:34.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3741 (GCVE-0-2024-3741)
Vulnerability from cvelistv5 – Published: 2024-04-18 22:04 – Updated: 2024-08-01 20:20
VLAI?
Title
Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data
Summary
Electrolink transmitters are vulnerable to an authentication bypass
vulnerability affecting the login cookie. An attacker can set an
arbitrary value except 'NO' to the login cookie and have full system
access.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Electrolink | Compact DAB Transmitter |
Affected:
10W
Affected: 100W Affected: 250W |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
Credits
Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "medium dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "2kW"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:uhf_tv_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "uhf tv transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "10W"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "high power dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "5kW"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "250W"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "2kW"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modular fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "30kW"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "digital fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "15W"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vhf tv transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "BI"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T18:54:30.103942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:32:28.173Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "10W"
},
{
"status": "affected",
"version": "100W"
},
{
"status": "affected",
"version": "250W"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Medium DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "High Power DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "2.5kW"
},
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "4kW"
},
{
"status": "affected",
"version": "5kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Compact FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "Compact FM Transmitter"
},
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modular FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "5kW"
},
{
"status": "affected",
"version": "10kW"
},
{
"status": "affected",
"version": "15kW"
},
{
"status": "affected",
"version": "20kW"
},
{
"status": "affected",
"version": "30kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digital FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "40kW",
"status": "affected",
"version": "15W",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "BI"
},
{
"status": "affected",
"version": "BIII"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "5kW",
"status": "affected",
"version": "10W",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Electrolink transmitters are vulnerable to an authentication bypass \nvulnerability affecting the login cookie. An attacker can set an \narbitrary value except \u0027NO\u0027 to the login cookie and have full system \naccess."
}
],
"value": "Electrolink transmitters are vulnerable to an authentication bypass \nvulnerability affecting the login cookie. An attacker can set an \narbitrary value except \u0027NO\u0027 to the login cookie and have full system \naccess."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-302",
"description": "CWE-302",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:40:14.630Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"source": {
"advisory": "ICSA-24-107-02",
"discovery": "EXTERNAL"
},
"title": "Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\"\u003eElectrolink\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-3741",
"datePublished": "2024-04-18T22:04:46.300Z",
"dateReserved": "2024-04-12T19:35:17.605Z",
"dateUpdated": "2024-08-01T20:20:01.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}