CVE-2024-3741 (GCVE-0-2024-3741)

Vulnerability from cvelistv5 – Published: 2024-04-18 22:04 – Updated: 2024-08-01 20:20
VLAI
Title
Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data
Summary
Electrolink transmitters are vulnerable to an authentication bypass vulnerability affecting the login cookie. An attacker can set an arbitrary value except 'NO' to the login cookie and have full system access.
Severity
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
8.7 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Electrolink Compact DAB Transmitter Affected: 10W
Affected: 100W
Affected: 250W
Create a notification for this product.
Electrolink Medium DAB Transmitter Affected: 500W
Affected: 1kW
Affected: 2kW
Create a notification for this product.
Electrolink High Power DAB Transmitter Affected: 2.5kW
Affected: 3kW
Affected: 4kW
Affected: 5kW
Create a notification for this product.
Electrolink Compact FM Transmitter Affected: Compact FM Transmitter
Affected: 500W
Affected: 1kW
Affected: 2kW
Create a notification for this product.
Electrolink Modular FM Transmitter Affected: 3kW
Affected: 5kW
Affected: 10kW
Affected: 15kW
Affected: 20kW
Affected: 30kW
Create a notification for this product.
Electrolink Digital FM Transmitter Affected: 15W , ≤ 40kW (custom)
Create a notification for this product.
Electrolink VHF TV Transmitter Affected: BI
Affected: BIII
Create a notification for this product.
Electrolink UHF TV Transmitter Affected: 10W , ≤ 5kW (custom)
Create a notification for this product.
electrolink medium dab transmitter Affected: 2kW
    cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*
 Create a notification for this product.
electrolink uhf tv transmitter Affected: 10W
    cpe:2.3:a:electrolink:uhf_tv_transmitter:*:*:*:*:*:*:*:*
 Create a notification for this product.
electrolink high power dab transmitter Affected: 5kW
    cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*
 Create a notification for this product.
electrolink compact dab transmitter Affected: 250W
    cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*
 Create a notification for this product.
electrolink compact fm transmitter Affected: 2kW
    cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*
 Create a notification for this product.
electrolink modular fm transmitter Affected: 30kW
    cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*
 Create a notification for this product.
electrolink digital fm transmitter Affected: 15W
    cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*
 Create a notification for this product.
electrolink vhf tv transmitter Affected: BI
    cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*
 Create a notification for this product.
Credits
Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "medium dab transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "2kW"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:uhf_tv_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "uhf tv transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "10W"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "high power dab transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "5kW"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "compact dab transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "250W"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "compact fm transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "2kW"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "modular fm transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "30kW"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "digital fm transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "15W"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vhf tv transmitter",
            "vendor": "electrolink",
            "versions": [
              {
                "status": "affected",
                "version": "BI"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3741",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-29T18:54:30.103942Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:32:28.173Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:20:01.174Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Compact DAB Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "10W"
            },
            {
              "status": "affected",
              "version": "100W"
            },
            {
              "status": "affected",
              "version": "250W"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Medium DAB Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "500W"
            },
            {
              "status": "affected",
              "version": "1kW"
            },
            {
              "status": "affected",
              "version": "2kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "High Power DAB Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "2.5kW"
            },
            {
              "status": "affected",
              "version": "3kW"
            },
            {
              "status": "affected",
              "version": "4kW"
            },
            {
              "status": "affected",
              "version": "5kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Compact FM Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "Compact FM Transmitter"
            },
            {
              "status": "affected",
              "version": "500W"
            },
            {
              "status": "affected",
              "version": "1kW"
            },
            {
              "status": "affected",
              "version": "2kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Modular FM Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "3kW"
            },
            {
              "status": "affected",
              "version": "5kW"
            },
            {
              "status": "affected",
              "version": "10kW"
            },
            {
              "status": "affected",
              "version": "15kW"
            },
            {
              "status": "affected",
              "version": "20kW"
            },
            {
              "status": "affected",
              "version": "30kW"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Digital FM Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "lessThanOrEqual": "40kW",
              "status": "affected",
              "version": "15W",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VHF TV Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "status": "affected",
              "version": "BI"
            },
            {
              "status": "affected",
              "version": "BIII"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "UHF TV Transmitter",
          "vendor": "Electrolink",
          "versions": [
            {
              "lessThanOrEqual": "5kW",
              "status": "affected",
              "version": "10W",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Electrolink transmitters are vulnerable to an authentication bypass \nvulnerability affecting the login cookie. An attacker can set an \narbitrary value except \u0027NO\u0027 to the login cookie and have full system \naccess."
            }
          ],
          "value": "Electrolink transmitters are vulnerable to an authentication bypass \nvulnerability affecting the login cookie. An attacker can set an \narbitrary value except \u0027NO\u0027 to the login cookie and have full system \naccess."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-302",
              "description": "CWE-302",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T16:40:14.630Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
        }
      ],
      "source": {
        "advisory": "ICSA-24-107-02",
        "discovery": "EXTERNAL"
      },
      "title": "Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\"\u003eElectrolink\u003c/a\u003e for additional information.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact  Electrolink https://electrolink.com/contacts/  for additional information."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-3741",
    "datePublished": "2024-04-18T22:04:46.300Z",
    "dateReserved": "2024-04-12T19:35:17.605Z",
    "dateUpdated": "2024-08-01T20:20:01.174Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-3741",
      "date": "2026-06-04",
      "epss": "0.00028",
      "percentile": "0.08544"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Electrolink transmitters are vulnerable to an authentication bypass \\nvulnerability affecting the login cookie. An attacker can set an \\narbitrary value except \u0027NO\u0027 to the login cookie and have full system \\naccess.\"}, {\"lang\": \"es\", \"value\": \"Los transmisores Electrolink son afectados una vulnerabilidad de omisi\\u00f3n de autenticaci\\u00f3n que afecta la cookie de inicio de sesi\\u00f3n. Un atacante puede establecer un valor arbitrario excepto \u0027NO\u0027 para la cookie de inicio de sesi\\u00f3n y tener acceso completo al sistema.\"}]",
      "id": "CVE-2024-3741",
      "lastModified": "2024-11-21T09:30:17.370",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"NONE\", \"vulnerableSystemAvailability\": \"NONE\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2024-04-18T22:15:10.603",
      "references": "[{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\", \"source\": \"ics-cert@hq.dhs.gov\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-302\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-3741\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2024-04-18T22:15:10.603\",\"lastModified\":\"2024-11-21T09:30:17.370\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Electrolink transmitters are vulnerable to an authentication bypass \\nvulnerability affecting the login cookie. An attacker can set an \\narbitrary value except \u0027NO\u0027 to the login cookie and have full system \\naccess.\"},{\"lang\":\"es\",\"value\":\"Los transmisores Electrolink son afectados una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n que afecta la cookie de inicio de sesi\u00f3n. Un atacante puede establecer un valor arbitrario excepto \u0027NO\u0027 para la cookie de inicio de sesi\u00f3n y tener acceso completo al sistema.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-302\"}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:20:01.174Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3741\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-29T18:54:30.103942Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"medium dab transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"2kW\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:uhf_tv_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"uhf tv transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"10W\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"high power dab transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"5kW\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"compact dab transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"250W\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"compact fm transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"2kW\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"modular fm transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"30kW\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"digital fm transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"15W\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*\"], \"vendor\": \"electrolink\", \"product\": \"vhf tv transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"BI\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-29T18:38:51.564Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data\", \"source\": {\"advisory\": \"ICSA-24-107-02\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Electrolink\", \"product\": \"Compact DAB Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"10W\"}, {\"status\": \"affected\", \"version\": \"100W\"}, {\"status\": \"affected\", \"version\": \"250W\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Medium DAB Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"500W\"}, {\"status\": \"affected\", \"version\": \"1kW\"}, {\"status\": \"affected\", \"version\": \"2kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"High Power DAB Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.5kW\"}, {\"status\": \"affected\", \"version\": \"3kW\"}, {\"status\": \"affected\", \"version\": \"4kW\"}, {\"status\": \"affected\", \"version\": \"5kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Compact FM Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"Compact FM Transmitter\"}, {\"status\": \"affected\", \"version\": \"500W\"}, {\"status\": \"affected\", \"version\": \"1kW\"}, {\"status\": \"affected\", \"version\": \"2kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Modular FM Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"3kW\"}, {\"status\": \"affected\", \"version\": \"5kW\"}, {\"status\": \"affected\", \"version\": \"10kW\"}, {\"status\": \"affected\", \"version\": \"15kW\"}, {\"status\": \"affected\", \"version\": \"20kW\"}, {\"status\": \"affected\", \"version\": \"30kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"Digital FM Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"15W\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"40kW\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"VHF TV Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"BI\"}, {\"status\": \"affected\", \"version\": \"BIII\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Electrolink\", \"product\": \"UHF TV Transmitter\", \"versions\": [{\"status\": \"affected\", \"version\": \"10W\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5kW\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Electrolink has not responded to requests to work with CISA to mitigate \\nthese vulnerabilities. Users of the affected products are encouraged to \\ncontact  Electrolink https://electrolink.com/contacts/  for additional information.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Electrolink has not responded to requests to work with CISA to mitigate \\nthese vulnerabilities. Users of the affected products are encouraged to \\ncontact \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://electrolink.com/contacts/\\\"\u003eElectrolink\u003c/a\u003e for additional information.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Electrolink transmitters are vulnerable to an authentication bypass \\nvulnerability affecting the login cookie. An attacker can set an \\narbitrary value except \u0027NO\u0027 to the login cookie and have full system \\naccess.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Electrolink transmitters are vulnerable to an authentication bypass \\nvulnerability affecting the login cookie. An attacker can set an \\narbitrary value except \u0027NO\u0027 to the login cookie and have full system \\naccess.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-302\", \"description\": \"CWE-302\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2024-05-28T16:40:14.630Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-3741\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T20:20:01.174Z\", \"dateReserved\": \"2024-04-12T19:35:17.605Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2024-04-18T22:04:46.300Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.