#VU88763 Cleartext storage of sensitive information in Electrolink Hardware solutions
Vulnerability identifier: #VU88763
Vulnerability risk: Medium
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-312
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
10W Compact DAB Transmitter
Hardware solutions /
Firmware
100W Compact DAB Transmitter
Hardware solutions /
Firmware
250W Compact DAB Transmitter
Hardware solutions /
Firmware
500W Medium DAB Transmitter
Hardware solutions /
Firmware
1kW Medium DAB Transmitter
Hardware solutions /
Firmware
2kW Medium DAB Transmitter
Hardware solutions /
Firmware
2.5kW High Power DAB Transmitter
Hardware solutions /
Firmware
3kW High Power DAB Transmitter
Hardware solutions /
Firmware
4kW High Power DAB Transmitter
Hardware solutions /
Firmware
5kW High Power DAB Transmitter
Hardware solutions /
Firmware
100W Compact FM Transmitter
Hardware solutions /
Firmware
500W Compact FM Transmitter
Hardware solutions /
Firmware
1kW Compact FM Transmitter
Hardware solutions /
Firmware
2kW Compact FM Transmitter
Hardware solutions /
Firmware
3kW Modular FM Transmitter
Hardware solutions /
Firmware
5kW Modular FM Transmitter
Hardware solutions /
Firmware
10kW Modular FM Transmitter
Hardware solutions /
Firmware
15kW Modular FM Transmitter
Hardware solutions /
Firmware
20kW Modular FM Transmitter
Hardware solutions /
Firmware
30kW Modular FM Transmitter
Hardware solutions /
Firmware
15W - 40kW Digital FM Transmitter
Hardware solutions /
Firmware
BI VHF TV Transmitter
Hardware solutions /
Firmware
BIII VHF TV Transmitter
Hardware solutions /
Firmware
10W - 5kW UHF TV Transmitter
Hardware solutions /
Firmware
Vendor: Electrolink
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to cleartext storage of sensitive information. A remote attacker can obtain user credentials.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
10W Compact DAB Transmitter: All versions
100W Compact DAB Transmitter: All versions
250W Compact DAB Transmitter: All versions
500W Medium DAB Transmitter: All versions
1kW Medium DAB Transmitter: All versions
2kW Medium DAB Transmitter: All versions
2.5kW High Power DAB Transmitter: All versions
3kW High Power DAB Transmitter: All versions
4kW High Power DAB Transmitter: All versions
5kW High Power DAB Transmitter: All versions
100W Compact FM Transmitter: All versions
500W Compact FM Transmitter: All versions
1kW Compact FM Transmitter: All versions
2kW Compact FM Transmitter: All versions
3kW Modular FM Transmitter: All versions
5kW Modular FM Transmitter: All versions
10kW Modular FM Transmitter: All versions
15kW Modular FM Transmitter: All versions
20kW Modular FM Transmitter: All versions
30kW Modular FM Transmitter: All versions
15W - 40kW Digital FM Transmitter: All versions
BI VHF TV Transmitter: All versions
BIII VHF TV Transmitter: All versions
10W - 5kW UHF TV Transmitter: All versions
External links
http://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
