CVE-2024-1491
published 2024-04-18CVE-2024-1491: The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module…
PriorityP348high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
EPSS
0.55%
42.0th percentile
The devices allow access to an unprotected endpoint that allows MPFS
file system binary image upload without authentication. The MPFS2 file
system module provides a light-weight read-only file system that can be
stored in external EEPROM, external serial flash, or internal flash
program memory. This file system serves as the basis for the HTTP2 web
server module, but is also used by the SNMP module and is available to
other applications that require basic read-only storage capabilities.
This can be exploited to overwrite the flash program memory that holds
the web server's main interfaces and execute arbitrary code.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| electrolink | compact_dab_transmitter | — | — |
| electrolink | compact_dab_transmitter | — | — |
| electrolink | compact_dab_transmitter | — | — |
| electrolink | compact_fm_transmitter | — | — |
| electrolink | compact_fm_transmitter | — | — |
| electrolink | compact_fm_transmitter | — | — |
| electrolink | compact_fm_transmitter | — | — |
| electrolink | digital_fm_transmitter | 15W – 40kW | — |
| electrolink | high_power_dab_transmitter | — | — |
| electrolink | high_power_dab_transmitter | — | — |
| electrolink | high_power_dab_transmitter | — | — |
| electrolink | high_power_dab_transmitter | — | — |
| electrolink | medium_dab_transmitter | — | — |
| electrolink | medium_dab_transmitter | — | — |
| electrolink | medium_dab_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | uhf_tv_transmitter | 10W – 5kW | — |
| electrolink | vhf_tv_transmitter | — | — |
| electrolink | vhf_tv_transmitter | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Electrolink FM/DAB/TV Transmitter
cisa_ics·2024-04-16·CVSS 8.7
[HIGH] Electrolink FM/DAB/TV Transmitter
ICS Advisory
##
Electrolink FM/DAB/TV Transmitter
Release DateApril 16, 2024
Alert CodeICSA-24-107-02
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Electrolink
- Equipment: FM/DAB/TV Transmitter
- Vulnerabilities: Authentication Bypass by Assumed-Immutable Data, Reliance on Cookies without Validation and Integrity Checking, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to obtain full system access, keep the device from transmitting, escalate privileges, change credentials, and execute arbitrary code.
## 3. TECHNICAL DETAILS
GHSA
GHSA-xww2-7grc-g9mp: The devices allow access to an unprotected endpoint that allows MPFS
file system binary image upload without authentication
ghsa_unreviewed·2024-04-19
CVE-2024-1491 [HIGH] CWE-306 GHSA-xww2-7grc-g9mp: The devices allow access to an unprotected endpoint that allows MPFS
file system binary image upload without authentication
The devices allow access to an unprotected endpoint that allows MPFS
file system binary image upload without authentication. The MPFS2 file
system module provides a light-weight read-only file system that can be
stored in external EEPROM, external serial flash, or internal flash
program memory. This file system serves as the basis for the HTTP2 web
server module, but is also used by the SNMP module and is available to
other applications that require basic read-only storage capabilities.
This can be exploited to overwrite the flash program memory that holds
the web server's main interfaces and execute arbitrary code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-04-18
Published