CVE-2024-9692

Summary

VIMESA VHF/FM Transmitter Blue Plus is suffering from a Denial-of-Service (DoS) vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint 'doreboot' and restart the transmitter operations.

Affected Software

VendorProductVersion RangeStatus
VIMESAVHF/FM Transmitter Blue Plusv9.7.1affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

Workarounds

VIMESA has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of the affected products are encouraged to contact VIMESA https://www.vimesa.es/contactenos/  for additional information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References