← volver
CVE-2024-3741

Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data

CVSS 8.7 HIGHEPSS 0.5%CWE-302
Electrolink transmitters are vulnerable to an authentication bypass vulnerability affecting the login cookie. An attacker can set an arbitrary value except 'NO' to the login cookie and have full system access.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Productos afectados
Electrolink · Compact DAB TransmitterElectrolink · Compact FM TransmitterElectrolink · Digital FM TransmitterElectrolink · High Power DAB TransmitterElectrolink · Medium DAB TransmitterElectrolink · Modular FM TransmitterElectrolink · UHF TV TransmitterElectrolink · VHF TV Transmitter

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02