{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3741", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-04-12T19:35:17.605Z", "datePublished": "2024-04-18T22:04:46.300Z", "dateUpdated": "2024-08-01T20:20:01.174Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Compact DAB Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "10W"}, {"status": "affected", "version": "100W"}, {"status": "affected", "version": "250W"}]}, {"defaultStatus": "unaffected", "product": "Medium DAB Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "500W"}, {"status": "affected", "version": "1kW"}, {"status": "affected", "version": "2kW"}]}, {"defaultStatus": "unaffected", "product": "High Power DAB Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "2.5kW"}, {"status": "affected", "version": "3kW"}, {"status": "affected", "version": "4kW"}, {"status": "affected", "version": "5kW"}]}, {"defaultStatus": "unaffected", "product": "Compact FM Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "Compact FM Transmitter"}, {"status": "affected", "version": "500W"}, {"status": "affected", "version": "1kW"}, {"status": "affected", "version": "2kW"}]}, {"defaultStatus": "unaffected", "product": "Modular FM Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "3kW"}, {"status": "affected", "version": "5kW"}, {"status": "affected", "version": "10kW"}, {"status": "affected", "version": "15kW"}, {"status": "affected", "version": "20kW"}, {"status": "affected", "version": "30kW"}]}, {"defaultStatus": "unaffected", "product": "Digital FM Transmitter", "vendor": "Electrolink", "versions": [{"lessThanOrEqual": "40kW", "status": "affected", "version": "15W", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "VHF TV Transmitter", "vendor": "Electrolink", "versions": [{"status": "affected", "version": "BI"}, {"status": "affected", "version": "BIII"}]}, {"defaultStatus": "unaffected", "product": "UHF TV Transmitter", "vendor": "Electrolink", "versions": [{"lessThanOrEqual": "5kW", "status": "affected", "version": "10W", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Electrolink transmitters are vulnerable to an authentication bypass \nvulnerability affecting the login cookie. An attacker can set an \narbitrary value except 'NO' to the login cookie and have full system \naccess."}], "value": "Electrolink transmitters are vulnerable to an authentication bypass \nvulnerability affecting the login cookie. An attacker can set an \narbitrary value except 'NO' to the login cookie and have full system \naccess."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-302", "description": "CWE-302", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-05-28T16:40:14.630Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"}], "source": {"advisory": "ICSA-24-107-02", "discovery": "EXTERNAL"}, "title": "Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"}], "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3741", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T18:54:30.103942Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "medium dab transmitter", "versions": [{"status": "affected", "version": "2kW"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:uhf_tv_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "uhf tv transmitter", "versions": [{"status": "affected", "version": "10W"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "high power dab transmitter", "versions": [{"status": "affected", "version": "5kW"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "compact dab transmitter", "versions": [{"status": "affected", "version": "250W"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "compact fm transmitter", "versions": [{"status": "affected", "version": "2kW"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "modular fm transmitter", "versions": [{"status": "affected", "version": "30kW"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "digital fm transmitter", "versions": [{"status": "affected", "version": "15W"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "vhf tv transmitter", "versions": [{"status": "affected", "version": "BI"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:32:28.173Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:01.174Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:01.174Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3741", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-29T18:54:30.103942Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:electrolink:medium_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "medium dab transmitter", "versions": [{"status": "affected", "version": "2kW"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:uhf_tv_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "uhf tv transmitter", "versions": [{"status": "affected", "version": "10W"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:high_power_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "high power dab transmitter", "versions": [{"status": "affected", "version": "5kW"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:compact_dab_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "compact dab transmitter", "versions": [{"status": "affected", "version": "250W"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:compact_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "compact fm transmitter", "versions": [{"status": "affected", "version": "2kW"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:modular_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "modular fm transmitter", "versions": [{"status": "affected", "version": "30kW"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:digital_fm_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "digital fm transmitter", "versions": [{"status": "affected", "version": "15W"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:electrolink:vhf_tv_transmitter:*:*:*:*:*:*:*:*"], "vendor": "electrolink", "product": "vhf tv transmitter", "versions": [{"status": "affected", "version": "BI"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-29T18:38:51.564Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Electrolink FM/DAB/TV Transmitter Authentication Bypass by Assumed-Immutable Data", "source": {"advisory": "ICSA-24-107-02", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Electrolink", "product": "Compact DAB Transmitter", "versions": [{"status": "affected", "version": "10W"}, {"status": "affected", "version": "100W"}, {"status": "affected", "version": "250W"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "Medium DAB Transmitter", "versions": [{"status": "affected", "version": "500W"}, {"status": "affected", "version": "1kW"}, {"status": "affected", "version": "2kW"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "High Power DAB Transmitter", "versions": [{"status": "affected", "version": "2.5kW"}, {"status": "affected", "version": "3kW"}, {"status": "affected", "version": "4kW"}, {"status": "affected", "version": "5kW"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "Compact FM Transmitter", "versions": [{"status": "affected", "version": "Compact FM Transmitter"}, {"status": "affected", "version": "500W"}, {"status": "affected", "version": "1kW"}, {"status": "affected", "version": "2kW"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "Modular FM Transmitter", "versions": [{"status": "affected", "version": "3kW"}, {"status": "affected", "version": "5kW"}, {"status": "affected", "version": "10kW"}, {"status": "affected", "version": "15kW"}, {"status": "affected", "version": "20kW"}, {"status": "affected", "version": "30kW"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "Digital FM Transmitter", "versions": [{"status": "affected", "version": "15W", "versionType": "custom", "lessThanOrEqual": "40kW"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "VHF TV Transmitter", "versions": [{"status": "affected", "version": "BI"}, {"status": "affected", "version": "BIII"}], "defaultStatus": "unaffected"}, {"vendor": "Electrolink", "product": "UHF TV Transmitter", "versions": [{"status": "affected", "version": "10W", "versionType": "custom", "lessThanOrEqual": "5kW"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"}], "workarounds": [{"lang": "en", "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information.", "supportingMedia": [{"type": "text/html", "value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Electrolink transmitters are vulnerable to an authentication bypass \nvulnerability affecting the login cookie. An attacker can set an \narbitrary value except 'NO' to the login cookie and have full system \naccess.", "supportingMedia": [{"type": "text/html", "value": "Electrolink transmitters are vulnerable to an authentication bypass \nvulnerability affecting the login cookie. An attacker can set an \narbitrary value except 'NO' to the login cookie and have full system \naccess.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-302", "description": "CWE-302"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-05-28T16:40:14.630Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3741", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:20:01.174Z", "dateReserved": "2024-04-12T19:35:17.605Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2024-04-18T22:04:46.300Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Electrolink transmitters are vulnerable to an authentication bypass \nvulnerability affecting the login cookie. An attacker can set an \narbitrary value except 'NO' to the login cookie and have full system \naccess."}, {"lang": "es", "value": "Los transmisores Electrolink son afectados una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n que afecta la cookie de inicio de sesi\u00f3n. Un atacante puede establecer un valor arbitrario excepto 'NO' para la cookie de inicio de sesi\u00f3n y tener acceso completo al sistema."}], "id": "CVE-2024-3741", "lastModified": "2024-11-21T09:30:17.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "NONE"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2024-04-18T22:15:10.603", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-302"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}