CVE-2025-28228

HIGH NUCLEI

Electrolink FM/DAB/TV Transmitter - Credentials Disclosure

Title source: nuclei

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-28228. PoCs published by iSee857. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains functional exploit code for CVE-2026-22812, demonstrating a command execution vulnerability in OpenCode. The script sends a crafted JSON payload to the target's session endpoint, then executes a command via the shell endpoint, verifying success by checking for 'uid=' and 'gid=' in the response.

Description

A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2 allows unauthorized attackers to access credentials in plaintext.

Exploits (1)

github WORKING POC 40 stars

by iSee857 · pythonpoc

https://github.com/iSee857/CVE-PoC/tree/main/electrolink-CVE-2025-28228-InfoLeak.py

View Code ZIP pw:eip

The repository contains functional exploit code for CVE-2026-22812, demonstrating a command execution vulnerability in OpenCode. The script sends a crafted JSON payload to the target's session endpoint, then executes a command via the shell endpoint, verifying success by checking for 'uid=' and 'gid=' in the response.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenCode (version not specified)

No auth needed

Prerequisites: Network access to the target · Target must be running a vulnerable version of OpenCode

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

Nuclei Templates (1)

Electrolink FM/DAB/TV Transmitter - Credentials Disclosure

HIGHVERIFIEDby DhiyaneshDk

Shodan: http.title:"Electrolink"

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/shiky8/my--cve-vulnerability-research/tree/main/CVE-2025-28228

View Exploit ZIP pw:eip

Scores

CVSS v3 7.5

EPSS 0.0160

EPSS Percentile 72.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-522

Status published

Products (1)

electrolink/fm\/dab\/tv_transmitter_web_management_system

Published Apr 18, 2025

Tracked Since Feb 18, 2026