CVE-2023-34672

HIGH

Elenos ETG150 FM <3.12 - Privilege Escalation

Title source: llm

Description

Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases.

References (2)

[Product] http://elenos.com

[Exploit, Third Party Advisory] https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-34672

Scores

CVSS v3 8.8

EPSS 0.0010

EPSS Percentile 27.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-281

Status published

Products (1)

elenos/etg150_firmware 3.12

Published Jun 23, 2023

Tracked Since Feb 18, 2026