Vulnerability identifier: #VU88758

Vulnerability risk: Medium

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2024-22186

CWE-ID: CWE-565

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
10W Compact DAB Transmitter
Hardware solutions / Firmware
100W Compact DAB Transmitter
Hardware solutions / Firmware
250W Compact DAB Transmitter
Hardware solutions / Firmware
500W Medium DAB Transmitter
Hardware solutions / Firmware
1kW Medium DAB Transmitter
Hardware solutions / Firmware
2kW Medium DAB Transmitter
Hardware solutions / Firmware
2.5kW High Power DAB Transmitter
Hardware solutions / Firmware
3kW High Power DAB Transmitter
Hardware solutions / Firmware
4kW High Power DAB Transmitter
Hardware solutions / Firmware
5kW High Power DAB Transmitter
Hardware solutions / Firmware
100W Compact FM Transmitter
Hardware solutions / Firmware
500W Compact FM Transmitter
Hardware solutions / Firmware
1kW Compact FM Transmitter
Hardware solutions / Firmware
2kW Compact FM Transmitter
Hardware solutions / Firmware
3kW Modular FM Transmitter
Hardware solutions / Firmware
5kW Modular FM Transmitter
Hardware solutions / Firmware
10kW Modular FM Transmitter
Hardware solutions / Firmware
15kW Modular FM Transmitter
Hardware solutions / Firmware
20kW Modular FM Transmitter
Hardware solutions / Firmware
30kW Modular FM Transmitter
Hardware solutions / Firmware
15W - 40kW Digital FM Transmitter
Hardware solutions / Firmware
BI VHF TV Transmitter
Hardware solutions / Firmware
BIII VHF TV Transmitter
Hardware solutions / Firmware
10W - 5kW UHF TV Transmitter
Hardware solutions / Firmware

Vendor: Electrolink

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to reliance on cookies without validation and integrity checking. A remote user can poison the cookie to become administrator.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

10W Compact DAB Transmitter: All versions

100W Compact DAB Transmitter: All versions

250W Compact DAB Transmitter: All versions

500W Medium DAB Transmitter: All versions

1kW Medium DAB Transmitter: All versions

2kW Medium DAB Transmitter: All versions

2.5kW High Power DAB Transmitter: All versions

3kW High Power DAB Transmitter: All versions

4kW High Power DAB Transmitter: All versions

5kW High Power DAB Transmitter: All versions

100W Compact FM Transmitter: All versions

500W Compact FM Transmitter: All versions

1kW Compact FM Transmitter: All versions

2kW Compact FM Transmitter: All versions

3kW Modular FM Transmitter: All versions

5kW Modular FM Transmitter: All versions

10kW Modular FM Transmitter: All versions

15kW Modular FM Transmitter: All versions

20kW Modular FM Transmitter: All versions

30kW Modular FM Transmitter: All versions

15W - 40kW Digital FM Transmitter: All versions

BI VHF TV Transmitter: All versions

BIII VHF TV Transmitter: All versions

10W - 5kW UHF TV Transmitter: All versions

---

External links
http://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.