CVE-2024-1491
Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function
Severity Score
8.7
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
The devices allow access to an unprotected endpoint that allows MPFS
file system binary image upload without authentication. The MPFS2 file
system module provides a light-weight read-only file system that can be
stored in external EEPROM, external serial flash, or internal flash
program memory. This file system serves as the basis for the HTTP2 web
server module, but is also used by the SNMP module and is available to
other applications that require basic read-only storage capabilities.
This can be exploited to overwrite the flash program memory that holds
the web server's main interfaces and execute arbitrary code.
Los dispositivos permiten el acceso a un punto final desprotegido que permite la carga de imágenes binarias del sistema de archivos MPFS sin autenticación. El módulo de sistema de archivos MPFS2 proporciona un sistema de archivos liviano de solo lectura que se puede almacenar en una EEPROM externa, una memoria flash serial externa o una memoria flash interna de programa. Este sistema de archivos sirve como base para el módulo de servidor web HTTP2, pero también lo utiliza el módulo SNMP y está disponible para otras aplicaciones que requieren capacidades básicas de almacenamiento de solo lectura. Esto puede aprovecharse para sobrescribir la memoria flash del programa que contiene las interfaces principales del servidor web y ejecutar código arbitrario.
*Credits:
Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly.
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-02-14 CVE Reserved
- 2024-04-18 CVE Published
- 2024-04-19 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Electrolink Search vendor "Electrolink" | Compact DAB Transmitter Search vendor "Electrolink" for product "Compact DAB Transmitter" | 10 Search vendor "Electrolink" for product "Compact DAB Transmitter" and version "10" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | Compact DAB Transmitter Search vendor "Electrolink" for product "Compact DAB Transmitter" | 100 Search vendor "Electrolink" for product "Compact DAB Transmitter" and version "100" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | Compact DAB Transmitter Search vendor "Electrolink" for product "Compact DAB Transmitter" | 250 Search vendor "Electrolink" for product "Compact DAB Transmitter" and version "250" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | Medium DAB Transmitter Search vendor "Electrolink" for product "Medium DAB Transmitter" | 500 Search vendor "Electrolink" for product "Medium DAB Transmitter" and version "500" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | Medium DAB Transmitter Search vendor "Electrolink" for product "Medium DAB Transmitter" | 1 Search vendor "Electrolink" for product "Medium DAB Transmitter" and version "1" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | Medium DAB Transmitter Search vendor "Electrolink" for product "Medium DAB Transmitter" | 2 Search vendor "Electrolink" for product "Medium DAB Transmitter" and version "2" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | High Power DAB Transmitter Search vendor "Electrolink" for product "High Power DAB Transmitter" | 2.5 Search vendor "Electrolink" for product "High Power DAB Transmitter" and version "2.5" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | High Power DAB Transmitter Search vendor "Electrolink" for product "High Power DAB Transmitter" | 3 Search vendor "Electrolink" for product "High Power DAB Transmitter" and version "3" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | High Power DAB Transmitter Search vendor "Electrolink" for product "High Power DAB Transmitter" | 4 Search vendor "Electrolink" for product "High Power DAB Transmitter" and version "4" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | High Power DAB Transmitter Search vendor "Electrolink" for product "High Power DAB Transmitter" | 5 Search vendor "Electrolink" for product "High Power DAB Transmitter" and version "5" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | Compact FM Transmitter Search vendor "Electrolink" for product "Compact FM Transmitter" | <= Search vendor "Electrolink" for product "Compact FM Transmitter" and version " <= " | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | Compact FM Transmitter Search vendor "Electrolink" for product "Compact FM Transmitter" | 500 Search vendor "Electrolink" for product "Compact FM Transmitter" and version "500" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | Compact FM Transmitter Search vendor "Electrolink" for product "Compact FM Transmitter" | 1 Search vendor "Electrolink" for product "Compact FM Transmitter" and version "1" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | Compact FM Transmitter Search vendor "Electrolink" for product "Compact FM Transmitter" | 2 Search vendor "Electrolink" for product "Compact FM Transmitter" and version "2" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | Modular FM Transmitter Search vendor "Electrolink" for product "Modular FM Transmitter" | 3 Search vendor "Electrolink" for product "Modular FM Transmitter" and version "3" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | Modular FM Transmitter Search vendor "Electrolink" for product "Modular FM Transmitter" | 5 Search vendor "Electrolink" for product "Modular FM Transmitter" and version "5" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | Modular FM Transmitter Search vendor "Electrolink" for product "Modular FM Transmitter" | 10 Search vendor "Electrolink" for product "Modular FM Transmitter" and version "10" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | Modular FM Transmitter Search vendor "Electrolink" for product "Modular FM Transmitter" | 15 Search vendor "Electrolink" for product "Modular FM Transmitter" and version "15" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | Modular FM Transmitter Search vendor "Electrolink" for product "Modular FM Transmitter" | 20 Search vendor "Electrolink" for product "Modular FM Transmitter" and version "20" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | Modular FM Transmitter Search vendor "Electrolink" for product "Modular FM Transmitter" | 30 Search vendor "Electrolink" for product "Modular FM Transmitter" and version "30" | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | VHF TV Transmitter Search vendor "Electrolink" for product "VHF TV Transmitter" | <= Search vendor "Electrolink" for product "VHF TV Transmitter" and version " <= " | en |
Affected
| ||||||
| Electrolink Search vendor "Electrolink" | VHF TV Transmitter Search vendor "Electrolink" for product "VHF TV Transmitter" | <= Search vendor "Electrolink" for product "VHF TV Transmitter" and version " <= " | en |
Affected
| ||||||