CVE-2024-3742
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Electrolink | Compact DAB Transmitter | 10W | affected |
| Electrolink | Compact DAB Transmitter | 100W | affected |
| Electrolink | Compact DAB Transmitter | 250W | affected |
| Electrolink | Medium DAB Transmitter | 500W | affected |
| Electrolink | Medium DAB Transmitter | 1kW | affected |
| Electrolink | Medium DAB Transmitter | 2kW | affected |
| Electrolink | High Power DAB Transmitter | 2.5kW | affected |
| Electrolink | High Power DAB Transmitter | 3kW | affected |
| Electrolink | High Power DAB Transmitter | 4kW | affected |
| Electrolink | High Power DAB Transmitter | 5kW | affected |
| Electrolink | Compact FM Transmitter | Compact FM Transmitter | affected |
| Electrolink | Compact FM Transmitter | 500W | affected |
| Electrolink | Compact FM Transmitter | 1kW | affected |
| Electrolink | Compact FM Transmitter | 2kW | affected |
| Electrolink | Modular FM Transmitter | 3kW | affected |
| Electrolink | Modular FM Transmitter | 5kW | affected |
| Electrolink | Modular FM Transmitter | 10kW | affected |
| Electrolink | Modular FM Transmitter | 15kW | affected |
| Electrolink | Modular FM Transmitter | 20kW | affected |
| Electrolink | Modular FM Transmitter | 30kW | affected |
| Electrolink | Digital FM Transmitter | 15W <= 40kW | affected |
| Electrolink | VHF TV Transmitter | BI | affected |
| Electrolink | VHF TV Transmitter | BIII | affected |
| Electrolink | UHF TV Transmitter | 10W <= 5kW | affected |
Weaknesses
- CWE-312: CWE-312 Cleartext Storage of Sensitive Information
Workarounds
Electrolink has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact Electrolink https://electrolink.com/contacts/ for additional information.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.