We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-21846

Electrolink FM/DAB/TV Transmitter Missing Authentication for Critical Function



Assignericscert
Reserved2024-01-05
Published2024-04-18
Updated2024-08-01

Description

An unauthenticated attacker can reset the board and stop transmitter operations by sending a specially-crafted GET request to the command.cgi gateway, resulting in a denial-of-service scenario.



MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Product status

Default status
unaffected

10W
affected

100W
affected

250W
affected

Default status
unaffected

500W
affected

1kW
affected

2kW
affected

Default status
unaffected

2.5kW
affected

3kW
affected

4kW
affected

5kW
affected

Default status
unaffected

Compact FM Transmitter
affected

500W
affected

1kW
affected

2kW
affected

Default status
unaffected

3kW
affected

5kW
affected

10kW
affected

15kW
affected

20kW
affected

30kW
affected

Default status
unaffected

15W
affected

Default status
unaffected

BI
affected

BIII
affected

Default status
unaffected

10W
affected

Credits

Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly. finder

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02

cve.org CVE-2024-21846

nvd.nist.gov CVE-2024-21846

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-21846
Support options

Helpdesk Telegram

Subscribe to our newsletter to learn more about our work.

© Copyright 2024 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.