CVE-2024-21872

HIGH

Electrolink Compact Transmitters - Authentication Bypass

Title source: llm
STIX 2.1

Description

The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allows more critical operations to the transmitter.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02

Scores

CVSS v3 7.5
EPSS 0.0055
EPSS Percentile 41.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-565
Status published
Products (24)
Electrolink/Compact DAB Transmitter 100W
Electrolink/Compact DAB Transmitter 10W
Electrolink/Compact DAB Transmitter 250W
Electrolink/Compact FM Transmitter 1kW
Electrolink/Compact FM Transmitter 2kW
Electrolink/Compact FM Transmitter 500W
Electrolink/Compact FM Transmitter Compact FM Transmitter
Electrolink/Digital FM Transmitter 15W - 40kW
Electrolink/High Power DAB Transmitter 2.5kW
Electrolink/High Power DAB Transmitter 3kW
... and 14 more
Published Apr 18, 2024
Tracked Since Feb 18, 2026