CVE-2024-22179
Published 2024-04-18
Priority P3 · 49 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.39% (30.9th percentile)
The application is vulnerable to an unauthenticated parameter
manipulation that allows an attacker to set the credentials to blank
giving her access to the admin panel. Also vulnerable to account
takeover and arbitrary password change.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| electrolink | compact_dab_transmitter | — | — |
| electrolink | compact_dab_transmitter | — | — |
| electrolink | compact_dab_transmitter | — | — |
| electrolink | compact_fm_transmitter | — | — |
| electrolink | compact_fm_transmitter | — | — |
| electrolink | compact_fm_transmitter | — | — |
| electrolink | compact_fm_transmitter | — | — |
| electrolink | digital_fm_transmitter | 15W – 40kW | — |
| electrolink | high_power_dab_transmitter | — | — |
| electrolink | high_power_dab_transmitter | — | — |
| electrolink | high_power_dab_transmitter | — | — |
| electrolink | high_power_dab_transmitter | — | — |
| electrolink | medium_dab_transmitter | — | — |
| electrolink | medium_dab_transmitter | — | — |
| electrolink | medium_dab_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | uhf_tv_transmitter | 10W – 5kW | — |
| electrolink | vhf_tv_transmitter | — | — |
| electrolink | vhf_tv_transmitter | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-3v49-294p-4c7w
ghsa_unreviewed · 2024-04-19
CVE-2024-22179 [HIGH] CWE-302 GHSA-3v49-294p-4c7w
The application is vulnerable to an unauthenticated parameter
manipulation that allows an attacker to set the credentials to blank
giving her access to the admin panel. Also vulnerable to account
takeover and arbitrary password change.
CISA ICS
Electrolink FM/DAB/TV Transmitter
cisa_ics · 2024-04-16 · CVSS 8.7
[HIGH] Electrolink FM/DAB/TV Transmitter
ICS Advisory
## Electrolink FM/DAB/TV Transmitter
Release Date: April 16, 2024
Alert Code: ICSA-24-107-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Electrolink
- Equipment: FM/DAB/TV Transmitter
- Vulnerabilities: Authentication Bypass by Assumed-Immutable Data, Reliance on Cookies without Validation and Integrity Checking, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to obtain full system access, keep the device from transmitting, escalate privileges, change credentials, and execute arbitrary code.
## 3. TECHNICAL DETAILS