Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-21872 (GCVE-0-2024-21872)
Vulnerability from cvelistv5 – Published: 2024-04-18 22:10 – Updated: 2024-08-01 22:27
VLAI
EPSS
Title
Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking
Summary
The device allows an unauthenticated attacker to bypass authentication
and modify the cookie to reveal hidden pages that allows more critical
operations to the transmitter.
Severity
CWE
- CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Electrolink | Compact DAB Transmitter |
Affected:
10W
Affected: 100W Affected: 250W |
|
| Electrolink | Medium DAB Transmitter |
Affected:
500W
Affected: 1kW Affected: 2kW |
|
| Electrolink | High Power DAB Transmitter |
Affected:
2.5kW
Affected: 3kW Affected: 4kW Affected: 5kW |
|
| Electrolink | Compact FM Transmitter |
Affected:
Compact FM Transmitter
Affected: 500W Affected: 1kW Affected: 2kW |
|
| Electrolink | Modular FM Transmitter |
Affected:
3kW
Affected: 5kW Affected: 10kW Affected: 15kW Affected: 20kW Affected: 30kW |
|
| Electrolink | Digital FM Transmitter |
Affected:
15W , ≤ 40kW
(custom)
|
|
| Electrolink | VHF TV Transmitter |
Affected:
BI
Affected: BIII |
|
| Electrolink | UHF TV Transmitter |
Affected:
10W , ≤ 5kW
(custom)
|
Credits
Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "high power dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modular fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "digital fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vhf tv transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T19:24:23.118747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:59.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "10W"
},
{
"status": "affected",
"version": "100W"
},
{
"status": "affected",
"version": "250W"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Medium DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "High Power DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "2.5kW"
},
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "4kW"
},
{
"status": "affected",
"version": "5kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Compact FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "Compact FM Transmitter"
},
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modular FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "5kW"
},
{
"status": "affected",
"version": "10kW"
},
{
"status": "affected",
"version": "15kW"
},
{
"status": "affected",
"version": "20kW"
},
{
"status": "affected",
"version": "30kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digital FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "40kW",
"status": "affected",
"version": "15W",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "BI"
},
{
"status": "affected",
"version": "BIII"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "5kW",
"status": "affected",
"version": "10W",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The device allows an unauthenticated attacker to bypass authentication \nand modify the cookie to reveal hidden pages that allows more critical \noperations to the transmitter."
}
],
"value": "The device allows an unauthenticated attacker to bypass authentication \nand modify the cookie to reveal hidden pages that allows more critical \noperations to the transmitter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-565",
"description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:48:11.887Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"source": {
"advisory": "ICSA-24-107-02",
"discovery": "EXTERNAL"
},
"title": "Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\"\u003eElectrolink\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-21872",
"datePublished": "2024-04-18T22:10:42.293Z",
"dateReserved": "2024-01-05T22:07:42.977Z",
"dateUpdated": "2024-08-01T22:27:36.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-21872",
"date": "2026-05-28",
"epss": "0.00039",
"percentile": "0.12079"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"The device allows an unauthenticated attacker to bypass authentication \\nand modify the cookie to reveal hidden pages that allows more critical \\noperations to the transmitter.\"}, {\"lang\": \"es\", \"value\": \"El dispositivo permite a un atacante no autenticado eludir la autenticaci\\u00f3n y modificar la cookie para revelar p\\u00e1ginas ocultas que permiten operaciones m\\u00e1s cr\\u00edticas para el transmisor.\"}]",
"id": "CVE-2024-21872",
"lastModified": "2024-11-21T08:55:09.673",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"NONE\", \"vulnerableSystemAvailability\": \"NONE\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-04-18T23:15:07.123",
"references": "[{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\", \"source\": \"ics-cert@hq.dhs.gov\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-565\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-21872\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2024-04-18T23:15:07.123\",\"lastModified\":\"2024-11-21T08:55:09.673\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The device allows an unauthenticated attacker to bypass authentication \\nand modify the cookie to reveal hidden pages that allows more critical \\noperations to the transmitter.\"},{\"lang\":\"es\",\"value\":\"El dispositivo permite a un atacante no autenticado eludir la autenticaci\u00f3n y modificar la cookie para revelar p\u00e1ginas ocultas que permiten operaciones m\u00e1s cr\u00edticas para el transmisor.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-565\"}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:27:36.412Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21872\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-23T19:24:23.118747Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"high power dab transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"compact dab transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"modular fm transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"compact fm transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"digital fm transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"vhf tv transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-23T19:19:35.067Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking\", \"source\": {\"advisory\": \"ICSA-24-107-02\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Electrolink\", \"product\": \"Compact DAB Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"10W\"}, {\"status\": \"affected\", \"version\": \"100W\"}, {\"status\": \"affected\", \"version\": \"250W\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Medium DAB Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"500W\"}, {\"status\": \"affected\", \"version\": \"1kW\"}, {\"status\": \"affected\", \"version\": \"2kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"High Power DAB Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.5kW\"}, {\"status\": \"affected\", \"version\": \"3kW\"}, {\"status\": \"affected\", \"version\": \"4kW\"}, {\"status\": \"affected\", \"version\": \"5kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Compact FM Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"Compact FM Transmitter\"}, {\"status\": \"affected\", \"version\": \"500W\"}, {\"status\": \"affected\", \"version\": \"1kW\"}, {\"status\": \"affected\", \"version\": \"2kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Modular FM Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"3kW\"}, {\"status\": \"affected\", \"version\": \"5kW\"}, {\"status\": \"affected\", \"version\": \"10kW\"}, {\"status\": \"affected\", \"version\": \"15kW\"}, {\"status\": \"affected\", \"version\": \"20kW\"}, {\"status\": \"affected\", \"version\": \"30kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Digital FM Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"15W\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"40kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"VHF TV Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"BI\"}, {\"status\": \"affected\", \"version\": \"BIII\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"UHF TV Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"10W\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5kW\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Electrolink has not responded to requests to work with CISA to mitigate \\nthese vulnerabilities. Users of the affected products are encouraged to \\ncontact Electrolink https://electrolink.com/contacts/ for additional information.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Electrolink has not responded to requests to work with CISA to mitigate \\nthese vulnerabilities. Users of the affected products are encouraged to \\ncontact \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://electrolink.com/contacts/\\\"\u003eElectrolink\u003c/a\u003e for additional information.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The device allows an unauthenticated attacker to bypass authentication \\nand modify the cookie to reveal hidden pages that allows more critical \\noperations to the transmitter.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The device allows an unauthenticated attacker to bypass authentication \\nand modify the cookie to reveal hidden pages that allows more critical \\noperations to the transmitter.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-565\", \"description\": \"CWE-565 Reliance on Cookies without Validation and Integrity Checking\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2024-05-28T16:48:11.887Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-21872\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T22:27:36.412Z\", \"dateReserved\": \"2024-01-05T22:07:42.977Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2024-04-18T22:10:42.293Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2024-21872
Vulnerability from fkie_nvd - Published: 2024-04-18 23:15 - Updated: 2026-04-15 00:35
Severity
Summary
The device allows an unauthenticated attacker to bypass authentication
and modify the cookie to reveal hidden pages that allows more critical
operations to the transmitter.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The device allows an unauthenticated attacker to bypass authentication \nand modify the cookie to reveal hidden pages that allows more critical \noperations to the transmitter."
},
{
"lang": "es",
"value": "El dispositivo permite a un atacante no autenticado eludir la autenticaci\u00f3n y modificar la cookie para revelar p\u00e1ginas ocultas que permiten operaciones m\u00e1s cr\u00edticas para el transmisor."
}
],
"id": "CVE-2024-21872",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2024-04-18T23:15:07.123",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-565"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
GHSA-9C86-QQFM-5HF3
Vulnerability from github – Published: 2024-04-19 00:30 – Updated: 2024-04-19 00:30
VLAI
Details
The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allows more critical operations to the transmitter.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2024-21872"
],
"database_specific": {
"cwe_ids": [
"CWE-565"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-18T23:15:07Z",
"severity": "HIGH"
},
"details": "\nThe device allows an unauthenticated attacker to bypass authentication \nand modify the cookie to reveal hidden pages that allows more critical \noperations to the transmitter.\n\n",
"id": "GHSA-9c86-qqfm-5hf3",
"modified": "2024-04-19T00:30:54Z",
"published": "2024-04-19T00:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21872"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2024-21872
Vulnerability from gsd - Updated: 2024-01-06 06:02Details
The device allows an unauthenticated attacker to bypass authentication
and modify the cookie to reveal hidden pages that allows more critical
operations to the transmitter.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-21872"
],
"details": "\nThe device allows an unauthenticated attacker to bypass authentication \nand modify the cookie to reveal hidden pages that allows more critical \noperations to the transmitter.\n\n",
"id": "GSD-2024-21872",
"modified": "2024-01-06T06:02:13.390311Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2024-21872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Compact DAB Transmitter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10W"
},
{
"version_affected": "=",
"version_value": "100W"
},
{
"version_affected": "=",
"version_value": "250W"
}
]
}
},
{
"product_name": "Medium DAB Transmitter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "500W"
},
{
"version_affected": "=",
"version_value": "1kW"
},
{
"version_affected": "=",
"version_value": "2kW"
}
]
}
},
{
"product_name": "High Power DAB Transmitter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.5kW"
},
{
"version_affected": "=",
"version_value": "3kW"
},
{
"version_affected": "=",
"version_value": "4kW"
},
{
"version_affected": "=",
"version_value": "5kW "
}
]
}
},
{
"product_name": "Compact FM Transmitter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Compact FM Transmitter"
},
{
"version_affected": "=",
"version_value": "500W"
},
{
"version_affected": "=",
"version_value": "1kW"
},
{
"version_affected": "=",
"version_value": "2kW "
}
]
}
},
{
"product_name": "Modular FM Transmitter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3kW"
},
{
"version_affected": "=",
"version_value": "5kW"
},
{
"version_affected": "=",
"version_value": "10kW"
},
{
"version_affected": "=",
"version_value": "15kW"
},
{
"version_affected": "=",
"version_value": "20kW"
},
{
"version_affected": "=",
"version_value": "30kW "
}
]
}
},
{
"product_name": "Digital FM Transmitter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "15W ",
"version_value": "40kW "
}
]
}
},
{
"product_name": "VHF TV Transmitter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "BI"
},
{
"version_affected": "=",
"version_value": "BIII "
}
]
}
},
{
"product_name": "UHF TV Transmitter",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "10W ",
"version_value": "5kW "
}
]
}
}
]
},
"vendor_name": "Electrolink "
}
]
}
},
"credits": [
{
"lang": "en",
"value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\nThe device allows an unauthenticated attacker to bypass authentication \nand modify the cookie to reveal hidden pages that allows more critical \noperations to the transmitter.\n\n"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-565",
"lang": "eng",
"value": "CWE-565 Reliance on Cookies without Validation and Integrity Checking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
]
},
"source": {
"advisory": "ICSA-24-107-02",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nElectrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\"\u003eElectrolink\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information.\n\n"
}
]
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "\nThe device allows an unauthenticated attacker to bypass authentication \nand modify the cookie to reveal hidden pages that allows more critical \noperations to the transmitter.\n\n"
},
{
"lang": "es",
"value": "El dispositivo permite a un atacante no autenticado eludir la autenticaci\u00f3n y modificar la cookie para revelar p\u00e1ginas ocultas que permiten operaciones m\u00e1s cr\u00edticas para el transmisor."
}
],
"id": "CVE-2024-21872",
"lastModified": "2024-04-19T13:10:25.637",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2024-04-18T23:15:07.123",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-565"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
}
}
}
ICSA-24-107-02
Vulnerability from csaf_cisa - Published: 2024-04-16 06:00 - Updated: 2024-04-16 06:00Summary
Electrolink FM/DAB/TV Transmitter
Notes
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to obtain full system access, keep the device from transmitting, escalate privileges, change credentials, and execute arbitrary code.
Critical infrastructure sectors: Communications Sector
Countries/areas deployed: Worldwide
Company headquarters location: Italy
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
Recommended Practices: Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolating them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
Recommended Practices: No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
7.5 (High)
Affected products
Known affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Electrolink 10W Compact DAB Transmitter: vers:all/*
Electrolink / 10W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 100W Compact DAB Transmitter: vers:all/*
Electrolink / 100W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 250W Compact DAB Transmitter: vers:all/*
Electrolink / 250W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 500W Medium DAB Transmitter: vers:all/*
Electrolink / 500W Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 1kW Medium DAB Transmitter: vers:all/*
Electrolink / 1kW Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2kW Medium DAB Transmitter: vers:all/*
Electrolink / 2kW Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2.5kW High Power DAB Transmitter: vers:all/*
Electrolink / 2.5kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 3kW High Power DAB Transmitter: vers:all/*
Electrolink / 3kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 4kW High Power DAB Transmitter: vers:all/*
Electrolink / 4kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 5kW High Power DAB Transmitter: vers:all/*
Electrolink / 5kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 100W Compact FM Transmitter: vers:all/*
Electrolink / 100W Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 500W Compact FM Transmitter: vers:all/*
Electrolink / 500W Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 1kW Compact FM Transmitter: vers:all/*
Electrolink / 1kW Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2kW Compact FM Transmitter: vers:all/*
Electrolink / 2kW Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 3kW Modular FM Transmitter: vers:all/*
Electrolink / 3kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 5kW Modular FM Transmitter: vers:all/*
Electrolink / 5kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 10kW Modular FM Transmitter: vers:all/*
Electrolink / 10kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 15kW Modular FM Transmitter: vers:all/*
Electrolink / 15kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 20kW Modular FM Transmitter: vers:all/*
Electrolink / 20kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 30kW Modular FM Transmitter: vers:all/*
Electrolink / 30kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 15W - 40kW Digital FM Transmitter: vers:all/*
Electrolink / 15W - 40kW Digital FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink BI VHF TV Transmitter: vers:all/*
Electrolink / BI VHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink BIII VHF TV Transmitter: vers:all/*
Electrolink / BIII VHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 10W - 5kW UHF TV Transmitter: vers:all/*
Electrolink / 10W - 5kW UHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Electrolink 10W Compact DAB Transmitter: vers:all/*
Electrolink / 10W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 100W Compact DAB Transmitter: vers:all/*
Electrolink / 100W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 250W Compact DAB Transmitter: vers:all/*
Electrolink / 250W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 500W Medium DAB Transmitter: vers:all/*
Electrolink / 500W Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 1kW Medium DAB Transmitter: vers:all/*
Electrolink / 1kW Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2kW Medium DAB Transmitter: vers:all/*
Electrolink / 2kW Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2.5kW High Power DAB Transmitter: vers:all/*
Electrolink / 2.5kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 3kW High Power DAB Transmitter: vers:all/*
Electrolink / 3kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 4kW High Power DAB Transmitter: vers:all/*
Electrolink / 4kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 5kW High Power DAB Transmitter: vers:all/*
Electrolink / 5kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 100W Compact FM Transmitter: vers:all/*
Electrolink / 100W Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 500W Compact FM Transmitter: vers:all/*
Electrolink / 500W Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 1kW Compact FM Transmitter: vers:all/*
Electrolink / 1kW Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2kW Compact FM Transmitter: vers:all/*
Electrolink / 2kW Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 3kW Modular FM Transmitter: vers:all/*
Electrolink / 3kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 5kW Modular FM Transmitter: vers:all/*
Electrolink / 5kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 10kW Modular FM Transmitter: vers:all/*
Electrolink / 10kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 15kW Modular FM Transmitter: vers:all/*
Electrolink / 15kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 20kW Modular FM Transmitter: vers:all/*
Electrolink / 20kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 30kW Modular FM Transmitter: vers:all/*
Electrolink / 30kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 15W - 40kW Digital FM Transmitter: vers:all/*
Electrolink / 15W - 40kW Digital FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink BI VHF TV Transmitter: vers:all/*
Electrolink / BI VHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink BIII VHF TV Transmitter: vers:all/*
Electrolink / BIII VHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 10W - 5kW UHF TV Transmitter: vers:all/*
Electrolink / 10W - 5kW UHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
8.8 (High)
Affected products
Known affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Electrolink 10W Compact DAB Transmitter: vers:all/*
Electrolink / 10W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 100W Compact DAB Transmitter: vers:all/*
Electrolink / 100W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 250W Compact DAB Transmitter: vers:all/*
Electrolink / 250W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 500W Medium DAB Transmitter: vers:all/*
Electrolink / 500W Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 1kW Medium DAB Transmitter: vers:all/*
Electrolink / 1kW Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2kW Medium DAB Transmitter: vers:all/*
Electrolink / 2kW Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2.5kW High Power DAB Transmitter: vers:all/*
Electrolink / 2.5kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 3kW High Power DAB Transmitter: vers:all/*
Electrolink / 3kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 4kW High Power DAB Transmitter: vers:all/*
Electrolink / 4kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 5kW High Power DAB Transmitter: vers:all/*
Electrolink / 5kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 100W Compact FM Transmitter: vers:all/*
Electrolink / 100W Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 500W Compact FM Transmitter: vers:all/*
Electrolink / 500W Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 1kW Compact FM Transmitter: vers:all/*
Electrolink / 1kW Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2kW Compact FM Transmitter: vers:all/*
Electrolink / 2kW Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 3kW Modular FM Transmitter: vers:all/*
Electrolink / 3kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 5kW Modular FM Transmitter: vers:all/*
Electrolink / 5kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 10kW Modular FM Transmitter: vers:all/*
Electrolink / 10kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 15kW Modular FM Transmitter: vers:all/*
Electrolink / 15kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 20kW Modular FM Transmitter: vers:all/*
Electrolink / 20kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 30kW Modular FM Transmitter: vers:all/*
Electrolink / 30kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 15W - 40kW Digital FM Transmitter: vers:all/*
Electrolink / 15W - 40kW Digital FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink BI VHF TV Transmitter: vers:all/*
Electrolink / BI VHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink BIII VHF TV Transmitter: vers:all/*
Electrolink / BIII VHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 10W - 5kW UHF TV Transmitter: vers:all/*
Electrolink / 10W - 5kW UHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Electrolink 10W Compact DAB Transmitter: vers:all/*
Electrolink / 10W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 100W Compact DAB Transmitter: vers:all/*
Electrolink / 100W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 250W Compact DAB Transmitter: vers:all/*
Electrolink / 250W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 500W Medium DAB Transmitter: vers:all/*
Electrolink / 500W Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 1kW Medium DAB Transmitter: vers:all/*
Electrolink / 1kW Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2kW Medium DAB Transmitter: vers:all/*
Electrolink / 2kW Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2.5kW High Power DAB Transmitter: vers:all/*
Electrolink / 2.5kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 3kW High Power DAB Transmitter: vers:all/*
Electrolink / 3kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 4kW High Power DAB Transmitter: vers:all/*
Electrolink / 4kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 5kW High Power DAB Transmitter: vers:all/*
Electrolink / 5kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 100W Compact FM Transmitter: vers:all/*
Electrolink / 100W Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 500W Compact FM Transmitter: vers:all/*
Electrolink / 500W Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 1kW Compact FM Transmitter: vers:all/*
Electrolink / 1kW Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2kW Compact FM Transmitter: vers:all/*
Electrolink / 2kW Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 3kW Modular FM Transmitter: vers:all/*
Electrolink / 3kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 5kW Modular FM Transmitter: vers:all/*
Electrolink / 5kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 10kW Modular FM Transmitter: vers:all/*
Electrolink / 10kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 15kW Modular FM Transmitter: vers:all/*
Electrolink / 15kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 20kW Modular FM Transmitter: vers:all/*
Electrolink / 20kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 30kW Modular FM Transmitter: vers:all/*
Electrolink / 30kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 15W - 40kW Digital FM Transmitter: vers:all/*
Electrolink / 15W - 40kW Digital FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink BI VHF TV Transmitter: vers:all/*
Electrolink / BI VHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink BIII VHF TV Transmitter: vers:all/*
Electrolink / BIII VHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 10W - 5kW UHF TV Transmitter: vers:all/*
Electrolink / 10W - 5kW UHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
5.3 (Medium)
Affected products
Known affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Electrolink 10W Compact DAB Transmitter: vers:all/*
Electrolink / 10W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 100W Compact DAB Transmitter: vers:all/*
Electrolink / 100W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 250W Compact DAB Transmitter: vers:all/*
Electrolink / 250W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 500W Medium DAB Transmitter: vers:all/*
Electrolink / 500W Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 1kW Medium DAB Transmitter: vers:all/*
Electrolink / 1kW Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2kW Medium DAB Transmitter: vers:all/*
Electrolink / 2kW Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2.5kW High Power DAB Transmitter: vers:all/*
Electrolink / 2.5kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 3kW High Power DAB Transmitter: vers:all/*
Electrolink / 3kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 4kW High Power DAB Transmitter: vers:all/*
Electrolink / 4kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 5kW High Power DAB Transmitter: vers:all/*
Electrolink / 5kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 100W Compact FM Transmitter: vers:all/*
Electrolink / 100W Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 500W Compact FM Transmitter: vers:all/*
Electrolink / 500W Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 1kW Compact FM Transmitter: vers:all/*
Electrolink / 1kW Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2kW Compact FM Transmitter: vers:all/*
Electrolink / 2kW Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 3kW Modular FM Transmitter: vers:all/*
Electrolink / 3kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 5kW Modular FM Transmitter: vers:all/*
Electrolink / 5kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 10kW Modular FM Transmitter: vers:all/*
Electrolink / 10kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 15kW Modular FM Transmitter: vers:all/*
Electrolink / 15kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 20kW Modular FM Transmitter: vers:all/*
Electrolink / 20kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 30kW Modular FM Transmitter: vers:all/*
Electrolink / 30kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 15W - 40kW Digital FM Transmitter: vers:all/*
Electrolink / 15W - 40kW Digital FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink BI VHF TV Transmitter: vers:all/*
Electrolink / BI VHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink BIII VHF TV Transmitter: vers:all/*
Electrolink / BIII VHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 10W - 5kW UHF TV Transmitter: vers:all/*
Electrolink / 10W - 5kW UHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Electrolink 10W Compact DAB Transmitter: vers:all/*
Electrolink / 10W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 100W Compact DAB Transmitter: vers:all/*
Electrolink / 100W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 250W Compact DAB Transmitter: vers:all/*
Electrolink / 250W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 500W Medium DAB Transmitter: vers:all/*
Electrolink / 500W Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 1kW Medium DAB Transmitter: vers:all/*
Electrolink / 1kW Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2kW Medium DAB Transmitter: vers:all/*
Electrolink / 2kW Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2.5kW High Power DAB Transmitter: vers:all/*
Electrolink / 2.5kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 3kW High Power DAB Transmitter: vers:all/*
Electrolink / 3kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 4kW High Power DAB Transmitter: vers:all/*
Electrolink / 4kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 5kW High Power DAB Transmitter: vers:all/*
Electrolink / 5kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 100W Compact FM Transmitter: vers:all/*
Electrolink / 100W Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 500W Compact FM Transmitter: vers:all/*
Electrolink / 500W Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 1kW Compact FM Transmitter: vers:all/*
Electrolink / 1kW Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2kW Compact FM Transmitter: vers:all/*
Electrolink / 2kW Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 3kW Modular FM Transmitter: vers:all/*
Electrolink / 3kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 5kW Modular FM Transmitter: vers:all/*
Electrolink / 5kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 10kW Modular FM Transmitter: vers:all/*
Electrolink / 10kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 15kW Modular FM Transmitter: vers:all/*
Electrolink / 15kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 20kW Modular FM Transmitter: vers:all/*
Electrolink / 20kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 30kW Modular FM Transmitter: vers:all/*
Electrolink / 30kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 15W - 40kW Digital FM Transmitter: vers:all/*
Electrolink / 15W - 40kW Digital FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink BI VHF TV Transmitter: vers:all/*
Electrolink / BI VHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink BIII VHF TV Transmitter: vers:all/*
Electrolink / BIII VHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 10W - 5kW UHF TV Transmitter: vers:all/*
Electrolink / 10W - 5kW UHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Electrolink 10W Compact DAB Transmitter: vers:all/*
Electrolink / 10W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 100W Compact DAB Transmitter: vers:all/*
Electrolink / 100W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 250W Compact DAB Transmitter: vers:all/*
Electrolink / 250W Compact DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 500W Medium DAB Transmitter: vers:all/*
Electrolink / 500W Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 1kW Medium DAB Transmitter: vers:all/*
Electrolink / 1kW Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2kW Medium DAB Transmitter: vers:all/*
Electrolink / 2kW Medium DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2.5kW High Power DAB Transmitter: vers:all/*
Electrolink / 2.5kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 3kW High Power DAB Transmitter: vers:all/*
Electrolink / 3kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 4kW High Power DAB Transmitter: vers:all/*
Electrolink / 4kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 5kW High Power DAB Transmitter: vers:all/*
Electrolink / 5kW High Power DAB Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 100W Compact FM Transmitter: vers:all/*
Electrolink / 100W Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 500W Compact FM Transmitter: vers:all/*
Electrolink / 500W Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 1kW Compact FM Transmitter: vers:all/*
Electrolink / 1kW Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 2kW Compact FM Transmitter: vers:all/*
Electrolink / 2kW Compact FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 3kW Modular FM Transmitter: vers:all/*
Electrolink / 3kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 5kW Modular FM Transmitter: vers:all/*
Electrolink / 5kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 10kW Modular FM Transmitter: vers:all/*
Electrolink / 10kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 15kW Modular FM Transmitter: vers:all/*
Electrolink / 15kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 20kW Modular FM Transmitter: vers:all/*
Electrolink / 20kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 30kW Modular FM Transmitter: vers:all/*
Electrolink / 30kW Modular FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 15W - 40kW Digital FM Transmitter: vers:all/*
Electrolink / 15W - 40kW Digital FM Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink BI VHF TV Transmitter: vers:all/*
Electrolink / BI VHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink BIII VHF TV Transmitter: vers:all/*
Electrolink / BIII VHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
|
|
Electrolink 10W - 5kW UHF TV Transmitter: vers:all/*
Electrolink / 10W - 5kW UHF TV Transmitter
|
vers:all/* |
Mitigation
fix
|
References
23 references
Acknowledgments
Gjoko Krstic
{
"document": {
"acknowledgments": [
{
"names": [
"Gjoko Krstic"
],
"summary": "reporting these vulnerabilities publicly on the internet after an unsuccessful attempt to contact Electrolink directly"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to obtain full system access, keep the device from transmitting, escalate privileges, change credentials, and execute arbitrary code.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Communications Sector",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Italy",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as virtual private networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-24-107-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-107-02.json"
},
{
"category": "self",
"summary": "ICSA Advisory ICSA-24-107-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Electrolink FM/DAB/TV Transmitter",
"tracking": {
"current_release_date": "2024-04-16T06:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-107-02",
"initial_release_date": "2024-04-16T06:00:00.000000Z",
"revision_history": [
{
"date": "2024-04-16T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 10W Compact DAB Transmitter: vers:all/*",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "10W Compact DAB Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 100W Compact DAB Transmitter: vers:all/*",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "100W Compact DAB Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 250W Compact DAB Transmitter: vers:all/*",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "250W Compact DAB Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 500W Medium DAB Transmitter: vers:all/*",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "500W Medium DAB Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 1kW Medium DAB Transmitter: vers:all/*",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "1kW Medium DAB Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 2kW Medium DAB Transmitter: vers:all/*",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "2kW Medium DAB Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 2.5kW High Power DAB Transmitter: vers:all/*",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "2.5kW High Power DAB Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 3kW High Power DAB Transmitter: vers:all/*",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "3kW High Power DAB Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 4kW High Power DAB Transmitter: vers:all/*",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "4kW High Power DAB Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 5kW High Power DAB Transmitter: vers:all/*",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "5kW High Power DAB Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 100W Compact FM Transmitter: vers:all/*",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "100W Compact FM Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 500W Compact FM Transmitter: vers:all/*",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "500W Compact FM Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 1kW Compact FM Transmitter: vers:all/*",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "1kW Compact FM Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 2kW Compact FM Transmitter: vers:all/*",
"product_id": "CSAFPID-0014"
}
}
],
"category": "product_name",
"name": "2kW Compact FM Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 3kW Modular FM Transmitter: vers:all/*",
"product_id": "CSAFPID-0015"
}
}
],
"category": "product_name",
"name": "3kW Modular FM Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 5kW Modular FM Transmitter: vers:all/*",
"product_id": "CSAFPID-0016"
}
}
],
"category": "product_name",
"name": "5kW Modular FM Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 10kW Modular FM Transmitter: vers:all/*",
"product_id": "CSAFPID-0017"
}
}
],
"category": "product_name",
"name": "10kW Modular FM Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 15kW Modular FM Transmitter: vers:all/*",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "15kW Modular FM Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 20kW Modular FM Transmitter: vers:all/*",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "20kW Modular FM Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 30kW Modular FM Transmitter: vers:all/*",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "30kW Modular FM Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 15W - 40kW Digital FM Transmitter: vers:all/*",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "15W - 40kW Digital FM Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink BI VHF TV Transmitter: vers:all/*",
"product_id": "CSAFPID-0022"
}
}
],
"category": "product_name",
"name": "BI VHF TV Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink BIII VHF TV Transmitter: vers:all/*",
"product_id": "CSAFPID-0023"
}
}
],
"category": "product_name",
"name": "BIII VHF TV Transmitter"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Electrolink 10W - 5kW UHF TV Transmitter: vers:all/*",
"product_id": "CSAFPID-0024"
}
}
],
"category": "product_name",
"name": "10W - 5kW UHF TV Transmitter"
}
],
"category": "vendor",
"name": "Electrolink"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3741",
"cwe": {
"id": "CWE-302",
"name": "Authentication Bypass by Assumed-Immutable Data"
},
"notes": [
{
"category": "summary",
"text": "Electrolink transmitters are vulnerable to an authentication bypass vulnerability affecting the login cookie. An attacker can set an arbitrary value except \u0027NO\u0027 to the login cookie and have full system access.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-3741"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Electrolink has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Electrolink for additional information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
],
"url": "https://electrolink.com/contacts/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
}
]
},
{
"cve": "CVE-2024-22179",
"cwe": {
"id": "CWE-302",
"name": "Authentication Bypass by Assumed-Immutable Data"
},
"notes": [
{
"category": "summary",
"text": "The application is vulnerable to an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. Also vulnerable to account takeover and arbitrary password change.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22179"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Electrolink has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Electrolink for additional information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
],
"url": "https://electrolink.com/contacts/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
}
]
},
{
"cve": "CVE-2024-22186",
"cwe": {
"id": "CWE-565",
"name": "Reliance on Cookies without Validation and Integrity Checking"
},
"notes": [
{
"category": "summary",
"text": "The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate his privileges by poisoning the cookie to become administrator.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22186"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Electrolink has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Electrolink for additional information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
],
"url": "https://electrolink.com/contacts/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
}
]
},
{
"cve": "CVE-2024-21872",
"cwe": {
"id": "CWE-565",
"name": "Reliance on Cookies without Validation and Integrity Checking"
},
"notes": [
{
"category": "summary",
"text": "The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allows more critical operations to the transmitter.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-21872"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Electrolink has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Electrolink for additional information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
],
"url": "https://electrolink.com/contacts/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
}
]
},
{
"cve": "CVE-2024-21846",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "An unauthenticated attacker can reset the board and stop transmitter operations by sending a specially-crafted GET request to the command.cgi gateway, resulting in a denial-of-service scenario. ",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-21846"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Electrolink has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Electrolink for additional information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
],
"url": "https://electrolink.com/contacts/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
}
]
},
{
"cve": "CVE-2024-1491",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "summary",
"text": "The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server\u0027s main interfaces and execute arbitrary code.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1491"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Electrolink has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Electrolink for additional information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
],
"url": "https://electrolink.com/contacts/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
}
]
},
{
"cve": "CVE-2024-3742",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-3742"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Electrolink has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Electrolink for additional information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
],
"url": "https://electrolink.com/contacts/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0024"
]
}
]
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…