CVE-2024-22186
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate his privileges by poisoning the cookie to become administrator.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Electrolink | Compact DAB Transmitter | 10W | affected |
| Electrolink | Compact DAB Transmitter | 100W | affected |
| Electrolink | Compact DAB Transmitter | 250W | affected |
| Electrolink | Medium DAB Transmitter | 500W | affected |
| Electrolink | Medium DAB Transmitter | 1kW | affected |
| Electrolink | Medium DAB Transmitter | 2kW | affected |
| Electrolink | High Power DAB Transmitter | 2.5kW | affected |
| Electrolink | High Power DAB Transmitter | 3kW | affected |
| Electrolink | High Power DAB Transmitter | 4kW | affected |
| Electrolink | High Power DAB Transmitter | 5kW | affected |
| Electrolink | Compact FM Transmitter | Compact FM Transmitter | affected |
| Electrolink | Compact FM Transmitter | 500W | affected |
| Electrolink | Compact FM Transmitter | 1kW | affected |
| Electrolink | Compact FM Transmitter | 2kW | affected |
| Electrolink | Modular FM Transmitter | 3kW | affected |
| Electrolink | Modular FM Transmitter | 5kW | affected |
| Electrolink | Modular FM Transmitter | 10kW | affected |
| Electrolink | Modular FM Transmitter | 15kW | affected |
| Electrolink | Modular FM Transmitter | 20kW | affected |
| Electrolink | Modular FM Transmitter | 30kW | affected |
| Electrolink | Digital FM Transmitter | 15W <= 40kW | affected |
| Electrolink | VHF TV Transmitter | BI | affected |
| Electrolink | VHF TV Transmitter | BIII | affected |
| Electrolink | UHF TV Transmitter | 10W <= 5kW | affected |
Weaknesses
- CWE-565: CWE-565 Reliance on Cookies without Validation and Integrity Checking
Workarounds
Electrolink has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Electrolink https://electrolink.com/contacts/ for additional information.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.