CVE-2024-3741

Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data

CVSS 8.7 HIGHEPSS 0.5%CWE-302

Electrolink transmitters are vulnerable to an authentication bypass vulnerability affecting the login cookie. An attacker can set an arbitrary value except 'NO' to the login cookie and have full system access.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Electrolink · Compact DAB Transmitter Electrolink · Compact FM Transmitter Electrolink · Digital FM Transmitter Electrolink · High Power DAB Transmitter Electrolink · Medium DAB Transmitter Electrolink · Modular FM Transmitter Electrolink · UHF TV Transmitter Electrolink · VHF TV Transmitter

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02