CVE-2024-21872 (GCVE-0-2024-21872)
Vulnerability from cvelistv5 – Published: 2024-04-18 22:10 – Updated: 2024-08-01 22:27
VLAI
EPSS
VEX
Title
Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking
Summary
The device allows an unauthenticated attacker to bypass authentication
and modify the cookie to reveal hidden pages that allows more critical
operations to the transmitter.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Assigner
References
1 reference
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Electrolink | Compact DAB Transmitter |
Affected:
10W
Affected: 100W Affected: 250W |
|
| Electrolink | Medium DAB Transmitter |
Affected:
500W
Affected: 1kW Affected: 2kW |
|
| Electrolink | High Power DAB Transmitter |
Affected:
2.5kW
Affected: 3kW Affected: 4kW Affected: 5kW |
|
| Electrolink | Compact FM Transmitter |
Affected:
Compact FM Transmitter
Affected: 500W Affected: 1kW Affected: 2kW |
|
| Electrolink | Modular FM Transmitter |
Affected:
3kW
Affected: 5kW Affected: 10kW Affected: 15kW Affected: 20kW Affected: 30kW |
|
| Electrolink | Digital FM Transmitter |
Affected:
15W , ≤ 40kW
(custom)
|
|
| Electrolink | VHF TV Transmitter |
Affected:
BI
Affected: BIII |
|
| Electrolink | UHF TV Transmitter |
Affected:
10W , ≤ 5kW
(custom)
|
|
| electrolink | high power dab transmitter |
Affected:
-
cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:* |
|
| electrolink | compact dab transmitter |
Affected:
-
cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:* |
|
| electrolink | modular fm transmitter |
Affected:
-
cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:* |
|
| electrolink | compact fm transmitter |
Affected:
-
cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:* |
|
| electrolink | digital fm transmitter |
Affected:
-
cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:* |
|
| electrolink | vhf tv transmitter |
Affected:
-
cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "high power dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact dab transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "modular fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "compact fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "digital fm transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
},
{
"cpes": [
"cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vhf tv transmitter",
"vendor": "electrolink",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T19:24:23.118747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:59.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Compact DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "10W"
},
{
"status": "affected",
"version": "100W"
},
{
"status": "affected",
"version": "250W"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Medium DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "High Power DAB Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "2.5kW"
},
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "4kW"
},
{
"status": "affected",
"version": "5kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Compact FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "Compact FM Transmitter"
},
{
"status": "affected",
"version": "500W"
},
{
"status": "affected",
"version": "1kW"
},
{
"status": "affected",
"version": "2kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Modular FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "3kW"
},
{
"status": "affected",
"version": "5kW"
},
{
"status": "affected",
"version": "10kW"
},
{
"status": "affected",
"version": "15kW"
},
{
"status": "affected",
"version": "20kW"
},
{
"status": "affected",
"version": "30kW"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Digital FM Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "40kW",
"status": "affected",
"version": "15W",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"status": "affected",
"version": "BI"
},
{
"status": "affected",
"version": "BIII"
}
]
},
{
"defaultStatus": "unaffected",
"product": "UHF TV Transmitter",
"vendor": "Electrolink",
"versions": [
{
"lessThanOrEqual": "5kW",
"status": "affected",
"version": "10W",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The device allows an unauthenticated attacker to bypass authentication \nand modify the cookie to reveal hidden pages that allows more critical \noperations to the transmitter."
}
],
"value": "The device allows an unauthenticated attacker to bypass authentication \nand modify the cookie to reveal hidden pages that allows more critical \noperations to the transmitter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-565",
"description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:48:11.887Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
],
"source": {
"advisory": "ICSA-24-107-02",
"discovery": "EXTERNAL"
},
"title": "Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\"\u003eElectrolink\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-21872",
"datePublished": "2024-04-18T22:10:42.293Z",
"dateReserved": "2024-01-05T22:07:42.977Z",
"dateUpdated": "2024-08-01T22:27:36.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-21872",
"date": "2026-07-15",
"epss": "0.00551",
"percentile": "0.4233"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"The device allows an unauthenticated attacker to bypass authentication \\nand modify the cookie to reveal hidden pages that allows more critical \\noperations to the transmitter.\"}, {\"lang\": \"es\", \"value\": \"El dispositivo permite a un atacante no autenticado eludir la autenticaci\\u00f3n y modificar la cookie para revelar p\\u00e1ginas ocultas que permiten operaciones m\\u00e1s cr\\u00edticas para el transmisor.\"}]",
"id": "CVE-2024-21872",
"lastModified": "2024-11-21T08:55:09.673",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"NONE\", \"vulnerableSystemAvailability\": \"NONE\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-04-18T23:15:07.123",
"references": "[{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\", \"source\": \"ics-cert@hq.dhs.gov\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-565\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-21872\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2024-04-18T23:15:07.123\",\"lastModified\":\"2026-06-17T07:10:19.060\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The device allows an unauthenticated attacker to bypass authentication \\nand modify the cookie to reveal hidden pages that allows more critical \\noperations to the transmitter.\"},{\"lang\":\"es\",\"value\":\"El dispositivo permite a un atacante no autenticado eludir la autenticaci\u00f3n y modificar la cookie para revelar p\u00e1ginas ocultas que permiten operaciones m\u00e1s cr\u00edticas para el transmisor.\"}],\"affected\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"affectedData\":[{\"vendor\":\"Electrolink\",\"product\":\"Compact DAB Transmitter\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"10W\",\"status\":\"affected\"},{\"version\":\"100W\",\"status\":\"affected\"},{\"version\":\"250W\",\"status\":\"affected\"}]},{\"vendor\":\"Electrolink\",\"product\":\"Medium DAB Transmitter\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"500W\",\"status\":\"affected\"},{\"version\":\"1kW\",\"status\":\"affected\"},{\"version\":\"2kW\",\"status\":\"affected\"}]},{\"vendor\":\"Electrolink\",\"product\":\"High Power DAB Transmitter\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"2.5kW\",\"status\":\"affected\"},{\"version\":\"3kW\",\"status\":\"affected\"},{\"version\":\"4kW\",\"status\":\"affected\"},{\"version\":\"5kW\",\"status\":\"affected\"}]},{\"vendor\":\"Electrolink\",\"product\":\"Compact FM Transmitter\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"Compact FM Transmitter\",\"status\":\"affected\"},{\"version\":\"500W\",\"status\":\"affected\"},{\"version\":\"1kW\",\"status\":\"affected\"},{\"version\":\"2kW\",\"status\":\"affected\"}]},{\"vendor\":\"Electrolink\",\"product\":\"Modular FM Transmitter\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"3kW\",\"status\":\"affected\"},{\"version\":\"5kW\",\"status\":\"affected\"},{\"version\":\"10kW\",\"status\":\"affected\"},{\"version\":\"15kW\",\"status\":\"affected\"},{\"version\":\"20kW\",\"status\":\"affected\"},{\"version\":\"30kW\",\"status\":\"affected\"}]},{\"vendor\":\"Electrolink\",\"product\":\"Digital FM Transmitter\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"15W\",\"lessThanOrEqual\":\"40kW\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Electrolink\",\"product\":\"VHF TV Transmitter\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"BI\",\"status\":\"affected\"},{\"version\":\"BIII\",\"status\":\"affected\"}]},{\"vendor\":\"Electrolink\",\"product\":\"UHF TV Transmitter\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"10W\",\"lessThanOrEqual\":\"5kW\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"electrolink\",\"product\":\"high power dab transmitter\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"-\",\"status\":\"affected\"}]},{\"vendor\":\"electrolink\",\"product\":\"compact dab transmitter\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"-\",\"status\":\"affected\"}]},{\"vendor\":\"electrolink\",\"product\":\"modular fm transmitter\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"-\",\"status\":\"affected\"}]},{\"vendor\":\"electrolink\",\"product\":\"compact fm transmitter\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"-\",\"status\":\"affected\"}]},{\"vendor\":\"electrolink\",\"product\":\"digital fm transmitter\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"-\",\"status\":\"affected\"}]},{\"vendor\":\"electrolink\",\"product\":\"vhf tv transmitter\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"-\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-04-23T19:24:23.118747Z\",\"id\":\"CVE-2024-21872\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-565\"}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"redhat_vex": {
"current_release_date": "2025-05-28T21:17:20+00:00",
"cve": "CVE-2024-21872",
"id": "CVE-2024-21872",
"initial_release_date": "2024-01-01T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21872.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:27:36.412Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21872\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-23T19:24:23.118747Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"high power dab transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"compact dab transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"modular fm transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"compact fm transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"digital fm transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"vhf tv transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-23T19:19:35.067Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Electrolink FM/DAB/TV Transmitter Reliance on Cookies without Validation and Integrity Checking\", \"source\": {\"advisory\": \"ICSA-24-107-02\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Electrolink\", \"product\": \"Compact DAB Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"10W\"}, {\"status\": \"affected\", \"version\": \"100W\"}, {\"status\": \"affected\", \"version\": \"250W\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Medium DAB Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"500W\"}, {\"status\": \"affected\", \"version\": \"1kW\"}, {\"status\": \"affected\", \"version\": \"2kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"High Power DAB Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.5kW\"}, {\"status\": \"affected\", \"version\": \"3kW\"}, {\"status\": \"affected\", \"version\": \"4kW\"}, {\"status\": \"affected\", \"version\": \"5kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Compact FM Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"Compact FM Transmitter\"}, {\"status\": \"affected\", \"version\": \"500W\"}, {\"status\": \"affected\", \"version\": \"1kW\"}, {\"status\": \"affected\", \"version\": \"2kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Modular FM Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"3kW\"}, {\"status\": \"affected\", \"version\": \"5kW\"}, {\"status\": \"affected\", \"version\": \"10kW\"}, {\"status\": \"affected\", \"version\": \"15kW\"}, {\"status\": \"affected\", \"version\": \"20kW\"}, {\"status\": \"affected\", \"version\": \"30kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Digital FM Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"15W\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"40kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"VHF TV Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"BI\"}, {\"status\": \"affected\", \"version\": \"BIII\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"UHF TV Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"10W\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5kW\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Electrolink has not responded to requests to work with CISA to mitigate \\nthese vulnerabilities. Users of the affected products are encouraged to \\ncontact Electrolink https://electrolink.com/contacts/ for additional information.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Electrolink has not responded to requests to work with CISA to mitigate \\nthese vulnerabilities. Users of the affected products are encouraged to \\ncontact \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://electrolink.com/contacts/\\\"\u003eElectrolink\u003c/a\u003e for additional information.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The device allows an unauthenticated attacker to bypass authentication \\nand modify the cookie to reveal hidden pages that allows more critical \\noperations to the transmitter.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The device allows an unauthenticated attacker to bypass authentication \\nand modify the cookie to reveal hidden pages that allows more critical \\noperations to the transmitter.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-565\", \"description\": \"CWE-565 Reliance on Cookies without Validation and Integrity Checking\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2024-05-28T16:48:11.887Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-21872\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T22:27:36.412Z\", \"dateReserved\": \"2024-01-05T22:07:42.977Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2024-04-18T22:10:42.293Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…