1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Electrolink
- Equipment: FM/DAB/TV Transmitter
- Vulnerabilities: Authentication Bypass by Assumed-Immutable Data, Reliance on Cookies without Validation and Integrity Checking, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to obtain full system access, keep the device from transmitting, escalate privileges, change credentials, and execute arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Electrolink transmitters are affected:
- 10W, 100W, 250W, Compact DAB Transmitter
- 500W, 1kW, 2kW Medium DAB Transmitter
- 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter
- 100W, 500W, 1kW, 2kW Compact FM Transmitter
- 3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter
- 15W – 40kW Digital FM Transmitter
- BI, BIII VHF TV Transmitter
- 10W – 5kW UHF TV Transmitter
3.2 Vulnerability Overview
3.2.1 Authentication Bypass by Assumed-Immutable Data CWE-302
Electrolink transmitters are vulnerable to an authentication bypass vulnerability affecting the login cookie. An attacker can set an arbitrary value except ‘NO’ to the login cookie and have full system access.
CVE-2024-3741 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
A CVSS v4 score has been calculated for This article has been indexed from All CISA Advisories