#VU88762 Missing Authentication for Critical Function in Electrolink products - CVE-2024-1491 

 


Published: April 17, 2024


Vulnerability identifier: #VU88762
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-1491
CWE-ID: CWE-306
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
10W Compact DAB Transmitter
100W Compact DAB Transmitter
250W Compact DAB Transmitter
500W Medium DAB Transmitter
1kW Medium DAB Transmitter
2kW Medium DAB Transmitter
2.5kW High Power DAB Transmitter
3kW High Power DAB Transmitter
4kW High Power DAB Transmitter
5kW High Power DAB Transmitter
100W Compact FM Transmitter
500W Compact FM Transmitter
1kW Compact FM Transmitter
2kW Compact FM Transmitter
3kW Modular FM Transmitter
5kW Modular FM Transmitter
10kW Modular FM Transmitter
15kW Modular FM Transmitter
20kW Modular FM Transmitter
30kW Modular FM Transmitter
15W - 40kW Digital FM Transmitter
BI VHF TV Transmitter
BIII VHF TV Transmitter
10W - 5kW UHF TV Transmitter
Software vendor:
Electrolink

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected devices expose an unprotected endpoint that allows an MPFS file system binary image to be uploaded without authentication. A remote attacker can overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
