#VU88761 Missing Authentication for Critical Function in Electrolink products - CVE-2024-21846

Vulnerability identifier: #VU88761

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-21846

CWE-ID: CWE-306

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
10W Compact DAB Transmitter
100W Compact DAB Transmitter
250W Compact DAB Transmitter
500W Medium DAB Transmitter
1kW Medium DAB Transmitter
2kW Medium DAB Transmitter
2.5kW High Power DAB Transmitter
3kW High Power DAB Transmitter
4kW High Power DAB Transmitter
5kW High Power DAB Transmitter
100W Compact FM Transmitter
500W Compact FM Transmitter
1kW Compact FM Transmitter
2kW Compact FM Transmitter
3kW Modular FM Transmitter
5kW Modular FM Transmitter
10kW Modular FM Transmitter
15kW Modular FM Transmitter
20kW Modular FM Transmitter
30kW Modular FM Transmitter
15W - 40kW Digital FM Transmitter
BI VHF TV Transmitter
BIII VHF TV Transmitter
10W - 5kW UHF TV Transmitter

Software vendor:
Electrolink

The vulnerability allows a remote attacker to perform a dneial of service (DoS) attack.

The vulnerability exists due to a missing authentication check. A remote attacker can send a specially crafted GET request and cause a denial of service condition on the target system.

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

• https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02