CVE-2024-21846
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
An unauthenticated attacker can reset the board and stop transmitter operations by sending a specially-crafted GET request to the command.cgi gateway, resulting in a denial-of-service scenario.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Electrolink | Compact DAB Transmitter | 10W | affected |
| Electrolink | Compact DAB Transmitter | 100W | affected |
| Electrolink | Compact DAB Transmitter | 250W | affected |
| Electrolink | Medium DAB Transmitter | 500W | affected |
| Electrolink | Medium DAB Transmitter | 1kW | affected |
| Electrolink | Medium DAB Transmitter | 2kW | affected |
| Electrolink | High Power DAB Transmitter | 2.5kW | affected |
| Electrolink | High Power DAB Transmitter | 3kW | affected |
| Electrolink | High Power DAB Transmitter | 4kW | affected |
| Electrolink | High Power DAB Transmitter | 5kW | affected |
| Electrolink | Compact FM Transmitter | Compact FM Transmitter | affected |
| Electrolink | Compact FM Transmitter | 500W | affected |
| Electrolink | Compact FM Transmitter | 1kW | affected |
| Electrolink | Compact FM Transmitter | 2kW | affected |
| Electrolink | Modular FM Transmitter | 3kW | affected |
| Electrolink | Modular FM Transmitter | 5kW | affected |
| Electrolink | Modular FM Transmitter | 10kW | affected |
| Electrolink | Modular FM Transmitter | 15kW | affected |
| Electrolink | Modular FM Transmitter | 20kW | affected |
| Electrolink | Modular FM Transmitter | 30kW | affected |
| Electrolink | Digital FM Transmitter | 15W <= 40kW | affected |
| Electrolink | VHF TV Transmitter | BI | affected |
| Electrolink | VHF TV Transmitter | BIII | affected |
| Electrolink | UHF TV Transmitter | 10W <= 5kW | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
Workarounds
Electrolink has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Electrolink https://electrolink.com/contacts/ for additional information.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.