EIP-2026-101708

PRE-CVE

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101708. PoCs published by LiquidWorm.

AI-analyzed exploit summary The vulnerability involves hardcoded credentials in the 'controlloLogin.js' file of Electrolink FM/DAB/TV Transmitters, allowing unauthorized access. The exploit demonstrates how credentials are exposed in clear-text within the JavaScript file.

Description

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/51771

View Code ZIP pw:eip

The vulnerability involves hardcoded credentials in the 'controlloLogin.js' file of Electrolink FM/DAB/TV Transmitters, allowing unauthorized access. The exploit demonstrates how credentials are exposed in clear-text within the JavaScript file.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Electrolink FM/DAB/TV Transmitters (Web version: 01.09, 01.08, 01.07; Firmware version: 2.1)

No auth needed

Prerequisites: Network access to the device's web interface

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026