#VU88756 Improper Authentication in Electrolink products - CVE-2024-22179
Published: April 17, 2024
Vulnerability identifier: #VU88756
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-22179
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
10W Compact DAB Transmitter
100W Compact DAB Transmitter
250W Compact DAB Transmitter
500W Medium DAB Transmitter
1kW Medium DAB Transmitter
2kW Medium DAB Transmitter
2.5kW High Power DAB Transmitter
3kW High Power DAB Transmitter
4kW High Power DAB Transmitter
5kW High Power DAB Transmitter
100W Compact FM Transmitter
500W Compact FM Transmitter
1kW Compact FM Transmitter
2kW Compact FM Transmitter
3kW Modular FM Transmitter
5kW Modular FM Transmitter
10kW Modular FM Transmitter
15kW Modular FM Transmitter
20kW Modular FM Transmitter
30kW Modular FM Transmitter
15W - 40kW Digital FM Transmitter
BI VHF TV Transmitter
BIII VHF TV Transmitter
10W - 5kW UHF TV Transmitter
10W Compact DAB Transmitter
100W Compact DAB Transmitter
250W Compact DAB Transmitter
500W Medium DAB Transmitter
1kW Medium DAB Transmitter
2kW Medium DAB Transmitter
2.5kW High Power DAB Transmitter
3kW High Power DAB Transmitter
4kW High Power DAB Transmitter
5kW High Power DAB Transmitter
100W Compact FM Transmitter
500W Compact FM Transmitter
1kW Compact FM Transmitter
2kW Compact FM Transmitter
3kW Modular FM Transmitter
5kW Modular FM Transmitter
10kW Modular FM Transmitter
15kW Modular FM Transmitter
20kW Modular FM Transmitter
30kW Modular FM Transmitter
15W - 40kW Digital FM Transmitter
BI VHF TV Transmitter
BIII VHF TV Transmitter
10W - 5kW UHF TV Transmitter
Software vendor:
Electrolink
Electrolink
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an unauthenticated parameter manipulation. A remote attacker can set the credentials to blank giving them access to the admin panel.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.