cbcvebase.
CVE-2024-21872
published 2024-04-18

CVE-2024-21872: The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allows more critical operations to the…

PriorityP352high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.55%
41.9th percentile
The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allows more critical operations to the transmitter.

Affected

24 ranges
VendorProductVersion rangeFixed in
electrolinkcompact_dab_transmitter
electrolinkcompact_dab_transmitter
electrolinkcompact_dab_transmitter
electrolinkcompact_fm_transmitter
electrolinkcompact_fm_transmitter
electrolinkcompact_fm_transmitter
electrolinkcompact_fm_transmitter
electrolinkdigital_fm_transmitter15W – 40kW
electrolinkhigh_power_dab_transmitter
electrolinkhigh_power_dab_transmitter
electrolinkhigh_power_dab_transmitter
electrolinkhigh_power_dab_transmitter
electrolinkmedium_dab_transmitter
electrolinkmedium_dab_transmitter
electrolinkmedium_dab_transmitter
electrolinkmodular_fm_transmitter
electrolinkmodular_fm_transmitter
electrolinkmodular_fm_transmitter
electrolinkmodular_fm_transmitter
electrolinkmodular_fm_transmitter
electrolinkmodular_fm_transmitter
electrolinkuhf_tv_transmitter10W – 5kW
electrolinkvhf_tv_transmitter
electrolinkvhf_tv_transmitter

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.