CVE-2024-3742
published 2024-04-18CVE-2024-3742: Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.
PriorityP352high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
1.43%
69.7th percentile
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| electrolink | compact_dab_transmitter | — | — |
| electrolink | compact_dab_transmitter | — | — |
| electrolink | compact_dab_transmitter | — | — |
| electrolink | compact_fm_transmitter | — | — |
| electrolink | compact_fm_transmitter | — | — |
| electrolink | compact_fm_transmitter | — | — |
| electrolink | compact_fm_transmitter | — | — |
| electrolink | digital_fm_transmitter | 15W – 40kW | — |
| electrolink | high_power_dab_transmitter | — | — |
| electrolink | high_power_dab_transmitter | — | — |
| electrolink | high_power_dab_transmitter | — | — |
| electrolink | high_power_dab_transmitter | — | — |
| electrolink | medium_dab_transmitter | — | — |
| electrolink | medium_dab_transmitter | — | — |
| electrolink | medium_dab_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | modular_fm_transmitter | — | — |
| electrolink | uhf_tv_transmitter | 10W – 5kW | — |
| electrolink | vhf_tv_transmitter | — | — |
| electrolink | vhf_tv_transmitter | — | — |
Detection & IOCsextracted from sources · hover to see the quote
yara↗
user\s*==\s*'([^']*)'\s*&&\s*password\s*==\s*'([^']*)'
- →Send an unauthenticated HTTP GET request to /controlloLogin.js on Electrolink transmitters. A vulnerable response will return HTTP 200 with Content-Type application/x-javascript and a body containing cleartext credentials in the pattern: user == '<creds>' && password == '<creds>'. ↗
- →Match response body for the strings 'user==' and 'password==' to confirm credential disclosure in controlloLogin.js. ↗
- →Use FOFA query 'Electrolink s.r.l.' to identify internet-exposed Electrolink transmitter management interfaces for targeted scanning. ↗
- →Extract cleartext credentials from the response body using the regex: user\s*==\s*'([^']*)'\s*&&\s*password\s*==\s*'([^']*)' ↗
- ·No authentication is required to exploit this vulnerability; the credentials file is publicly accessible to any network-reachable attacker. ↗
- ·Credentials are stored in cleartext (CWE-312) within a JavaScript file, meaning any intercepted or directly fetched copy of controlloLogin.js exposes valid system credentials. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Electrolink FM/DAB/TV Transmitter
cisa_ics·2024-04-16·CVSS 8.7
[HIGH] Electrolink FM/DAB/TV Transmitter
ICS Advisory
##
Electrolink FM/DAB/TV Transmitter
Release DateApril 16, 2024
Alert CodeICSA-24-107-02
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Electrolink
- Equipment: FM/DAB/TV Transmitter
- Vulnerabilities: Authentication Bypass by Assumed-Immutable Data, Reliance on Cookies without Validation and Integrity Checking, Missing Authentication for Critical Function, Cleartext Storage of Sensitive Information
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to obtain full system access, keep the device from transmitting, escalate privileges, change credentials, and execute arbitrary code.
## 3. TECHNICAL DETAILS
GHSA
GHSA-q9cj-qf3m-4wrv: Electrolink transmitters store credentials in clear-text
ghsa_unreviewed·2024-04-19
CVE-2024-3742 [HIGH] CWE-312 GHSA-q9cj-qf3m-4wrv: Electrolink transmitters store credentials in clear-text
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.
No detection rules found.
Nuclei
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
nuclei·CVSS 8.7
CVE-2024-3742 [HIGH] Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.
Template:
id: CVE-2024-3742
info:
name: Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
author: Farish
severity: high
description: |
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.
impact: |
Unauthenticated attackers can access cleartext credentials stored in controlloLogin.js, allowing system access.
remediation: |
Update Electrolink FM/DAB/TV Transmitter to a version that encrypts credentials properly.
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-
No writeups or analysis indexed.
2024-04-18
Published