CVE-2024-3741
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Electrolink transmitters are vulnerable to an authentication bypass vulnerability affecting the login cookie. An attacker can set an arbitrary value except 'NO' to the login cookie and have full system access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Electrolink | Compact DAB Transmitter | 10W | affected |
| Electrolink | Compact DAB Transmitter | 100W | affected |
| Electrolink | Compact DAB Transmitter | 250W | affected |
| Electrolink | Medium DAB Transmitter | 500W | affected |
| Electrolink | Medium DAB Transmitter | 1kW | affected |
| Electrolink | Medium DAB Transmitter | 2kW | affected |
| Electrolink | High Power DAB Transmitter | 2.5kW | affected |
| Electrolink | High Power DAB Transmitter | 3kW | affected |
| Electrolink | High Power DAB Transmitter | 4kW | affected |
| Electrolink | High Power DAB Transmitter | 5kW | affected |
| Electrolink | Compact FM Transmitter | Compact FM Transmitter | affected |
| Electrolink | Compact FM Transmitter | 500W | affected |
| Electrolink | Compact FM Transmitter | 1kW | affected |
| Electrolink | Compact FM Transmitter | 2kW | affected |
| Electrolink | Modular FM Transmitter | 3kW | affected |
| Electrolink | Modular FM Transmitter | 5kW | affected |
| Electrolink | Modular FM Transmitter | 10kW | affected |
| Electrolink | Modular FM Transmitter | 15kW | affected |
| Electrolink | Modular FM Transmitter | 20kW | affected |
| Electrolink | Modular FM Transmitter | 30kW | affected |
| Electrolink | Digital FM Transmitter | 15W <= 40kW | affected |
| Electrolink | VHF TV Transmitter | BI | affected |
| Electrolink | VHF TV Transmitter | BIII | affected |
| Electrolink | UHF TV Transmitter | 10W <= 5kW | affected |
Weaknesses
- CWE-302: CWE-302
Workarounds
Electrolink has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Electrolink https://electrolink.com/contacts/ for additional information.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.