CVE-2024-22179 (GCVE-0-2024-22179)

Vulnerability from cvelistv5 – Published: 2024-04-18 22:06 – Updated: 2024-08-01 22:35
VLAI?
Title
Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data
Summary
The application is vulnerable to an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. Also vulnerable to account takeover and arbitrary password change.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
8.7 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Electrolink Compact DAB Transmitter Affected: 10W
Affected: 100W
Affected: 250W
Create a notification for this product.
    Electrolink Medium DAB Transmitter Affected: 500W
Affected: 1kW
Affected: 2kW
Create a notification for this product.
    Electrolink High Power DAB Transmitter Affected: 2.5kW
Affected: 3kW
Affected: 4kW
Affected: 5kW
Create a notification for this product.
    Electrolink Compact FM Transmitter Affected: Compact FM Transmitter
Affected: 500W
Affected: 1kW
Affected: 2kW
Create a notification for this product.
    Electrolink Modular FM Transmitter Affected: 3kW
Affected: 5kW
Affected: 10kW
Affected: 15kW
Affected: 20kW
Affected: 30kW
Create a notification for this product.
    Electrolink Digital FM Transmitter Affected: 15W , ≤ 40kW (custom)
Create a notification for this product.
    Electrolink VHF TV Transmitter Affected: BI
Affected: BIII
Create a notification for this product.
    Electrolink UHF TV Transmitter Affected: 10W , ≤ 5kW (custom)
Create a notification for this product.
Credits
Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "compact dab transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "10w"
              },
              {
                "status": "affected",
                "version": "100w"
              },
              {
                "status": "affected",
                "version": "250w"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "medium dab transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "500w"
              },
              {
                "status": "affected",
                "version": "1kw"
              },
              {
                "status": "affected",
                "version": "2kw"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "high power dab transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "2.5kw"
              },
              {
                "status": "affected",
                "version": "3kw"
              },
              {
                "status": "affected",
                "version": "4kw"
              },
              {
                "status": "affected",
                "version": "5kw"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "compact fm transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "500w"
              },
              {
                "status": "affected",
                "version": "1kw"
              },
              {
                "status": "affected",
                "version": "2kw"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "modular fm transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "3kw"
              },
              {
                "status": "affected",
                "version": "5kw"
              },
              {
                "status": "affected",
                "version": "10kw"
              },
              {
                "status": "affected",
                "version": "15kw"
              },
              {
                "status": "affected",
                "version": "20kw"
              },
              {
                "status": "affected",
                "version": "30kw"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "digital fm transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "lessThanOrEqual": "40kw",
                "status": "affected",
                "version": "15w",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vhf tv transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "bi"
              },
              {
                "status": "affected",
                "version": "biii"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:uhf_tv_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "uhf tv transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "lessThanOrEqual": "5kw",
                "status": "affected",
                "version": "10w",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22179",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T14:46:38.775197Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T15:05:06.230Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:35:34.937Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Compact DAB Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "10W"
            },
            {
              "status": "affected",
              "version": "100W"
            },
            {
              "status": "affected",
              "version": "250W"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Medium DAB Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "500W"
            },
            {
              "status": "affected",
              "version": "1kW"
            },
            {
              "status": "affected",
              "version": "2kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "High Power DAB Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "2.5kW"
            },
            {
              "status": "affected",
              "version": "3kW"
            },
            {
              "status": "affected",
              "version": "4kW"
            },
            {
              "status": "affected",
              "version": "5kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Compact FM Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "Compact FM Transmitter"
            },
            {
              "status": "affected",
              "version": "500W"
            },
            {
              "status": "affected",
              "version": "1kW"
            },
            {
              "status": "affected",
              "version": "2kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modular FM Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "3kW"
            },
            {
              "status": "affected",
              "version": "5kW"
            },
            {
              "status": "affected",
              "version": "10kW"
            },
            {
              "status": "affected",
              "version": "15kW"
            },
            {
              "status": "affected",
              "version": "20kW"
            },
            {
              "status": "affected",
              "version": "30kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Digital FM Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "lessThanOrEqual": "40kW",
              "status": "affected",
              "version": "15W",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VHF TV Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "BI"
            },
            {
              "status": "affected",
              "version": "BIII"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UHF TV Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "lessThanOrEqual": "5kW",
              "status": "affected",
              "version": "10W",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The application is vulnerable to an unauthenticated parameter \nmanipulation that allows an attacker to set the credentials to blank \ngiving her access to the admin panel. Also vulnerable to account \ntakeover and arbitrary password change."
            }
          ],
          "value": "The application is vulnerable to an unauthenticated parameter \nmanipulation that allows an attacker to set the credentials to blank \ngiving her access to the admin panel. Also vulnerable to account \ntakeover and arbitrary password change."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-302",
              "description": "CWE-302",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T16:45:02.057Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
        }
      ],
      "source": {
        "advisory": "ICSA-24-107-02",
        "discovery": "EXTERNAL"
      },
      "title": "Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\"\u003eElectrolink\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact  Electrolink https://electrolink.com/contacts/  for additional information."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-22179",
    "datePublished": "2024-04-18T22:06:26.781Z",
    "dateReserved": "2024-01-05T22:07:42.998Z",
    "dateUpdated": "2024-08-01T22:35:34.937Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The application is vulnerable to an unauthenticated parameter \\nmanipulation that allows an attacker to set the credentials to blank \\ngiving her access to the admin panel. Also vulnerable to account \\ntakeover and arbitrary password change.\"}, {\"lang\": \"es\", \"value\": \"La aplicaci\\u00f3n es vulnerable a una manipulaci\\u00f3n de par\\u00e1metros no autenticados que permite a un atacante dejar las credenciales en blanco, d\\u00e1ndole acceso al panel de administraci\\u00f3n. Tambi\\u00e9n vulnerable a la apropiaci\\u00f3n de cuentas y al cambio arbitrario de contrase\\u00f1a.\"}]",
      "id": "CVE-2024-22179",
      "lastModified": "2024-11-21T08:55:44.090",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"NONE\", \"vulnerableSystemIntegrity\": \"HIGH\", \"vulnerableSystemAvailability\": \"NONE\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2024-04-18T22:15:09.850",
      "references": "[{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\", \"source\": \"ics-cert@hq.dhs.gov\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-302\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-22179\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2024-04-18T22:15:09.850\",\"lastModified\":\"2024-11-21T08:55:44.090\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The application is vulnerable to an unauthenticated parameter \\nmanipulation that allows an attacker to set the credentials to blank \\ngiving her access to the admin panel. Also vulnerable to account \\ntakeover and arbitrary password change.\"},{\"lang\":\"es\",\"value\":\"La aplicaci\u00f3n es vulnerable a una manipulaci\u00f3n de par\u00e1metros no autenticados que permite a un atacante dejar las credenciales en blanco, d\u00e1ndole acceso al panel de administraci\u00f3n. Tambi\u00e9n vulnerable a la apropiaci\u00f3n de cuentas y al cambio arbitrario de contrase\u00f1a.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-302\"}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:35:34.937Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-22179\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-16T14:46:38.775197Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"compact dab transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"10w\"}, {\"status\": \"affected\", \"version\": \"100w\"}, {\"status\": \"affected\", \"version\": \"250w\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"medium dab transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"500w\"}, {\"status\": \"affected\", \"version\": \"1kw\"}, {\"status\": \"affected\", \"version\": \"2kw\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"high power dab transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.5kw\"}, {\"status\": \"affected\", \"version\": \"3kw\"}, {\"status\": \"affected\", \"version\": \"4kw\"}, {\"status\": \"affected\", \"version\": \"5kw\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"compact fm transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"500w\"}, {\"status\": \"affected\", \"version\": \"1kw\"}, {\"status\": \"affected\", \"version\": \"2kw\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"modular fm transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"3kw\"}, {\"status\": \"affected\", \"version\": \"5kw\"}, {\"status\": \"affected\", \"version\": \"10kw\"}, {\"status\": \"affected\", \"version\": \"15kw\"}, {\"status\": \"affected\", \"version\": \"20kw\"}, {\"status\": \"affected\", \"version\": \"30kw\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"digital fm transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"15w\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"40kw\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"vhf tv transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"bi\"}, {\"status\": \"affected\", \"version\": \"biii\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:uhf_tv_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"uhf tv transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"10w\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5kw\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-16T15:04:56.293Z\"}}], \"cna\": {\"title\": \"Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data\", \"source\": {\"advisory\": \"ICSA-24-107-02\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Electrolink\", \"product\": \"Compact DAB Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"10W\"}, {\"status\": \"affected\", \"version\": \"100W\"}, {\"status\": \"affected\", \"version\": \"250W\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Medium DAB Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"500W\"}, {\"status\": \"affected\", \"version\": \"1kW\"}, {\"status\": \"affected\", \"version\": \"2kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"High Power DAB Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.5kW\"}, {\"status\": \"affected\", \"version\": \"3kW\"}, {\"status\": \"affected\", \"version\": \"4kW\"}, {\"status\": \"affected\", \"version\": \"5kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Compact FM Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"Compact FM Transmitter\"}, {\"status\": \"affected\", \"version\": \"500W\"}, {\"status\": \"affected\", \"version\": \"1kW\"}, {\"status\": \"affected\", \"version\": \"2kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Modular FM Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"3kW\"}, {\"status\": \"affected\", \"version\": \"5kW\"}, {\"status\": \"affected\", \"version\": \"10kW\"}, {\"status\": \"affected\", \"version\": \"15kW\"}, {\"status\": \"affected\", \"version\": \"20kW\"}, {\"status\": \"affected\", \"version\": \"30kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Digital FM Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"15W\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"40kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"VHF TV Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"BI\"}, {\"status\": \"affected\", \"version\": \"BIII\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"UHF TV Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"10W\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5kW\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Electrolink has not responded to requests to work with CISA to mitigate \\nthese vulnerabilities. Users of the affected products are encouraged to \\ncontact  Electrolink https://electrolink.com/contacts/  for additional information.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Electrolink has not responded to requests to work with CISA to mitigate \\nthese vulnerabilities. Users of the affected products are encouraged to \\ncontact \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://electrolink.com/contacts/\\\"\u003eElectrolink\u003c/a\u003e for additional information.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The application is vulnerable to an unauthenticated parameter \\nmanipulation that allows an attacker to set the credentials to blank \\ngiving her access to the admin panel. Also vulnerable to account \\ntakeover and arbitrary password change.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The application is vulnerable to an unauthenticated parameter \\nmanipulation that allows an attacker to set the credentials to blank \\ngiving her access to the admin panel. Also vulnerable to account \\ntakeover and arbitrary password change.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-302\", \"description\": \"CWE-302\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2024-05-28T16:45:02.057Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-22179\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T22:35:34.937Z\", \"dateReserved\": \"2024-01-05T22:07:42.998Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2024-04-18T22:06:26.781Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.