PatchSiren

Electrolink CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Electrolink CVE published 2024-04-16

CVE-2024-3742

CISA published advisory ICSA-24-107-02 on April 16, 2024, disclosing that Electrolink FM/DAB/TV transmitters store credentials in clear-text. The vulnerability affects 24 product variants spanning DAB, FM, and TV transmitter lines. An attacker with network access could use these exposed credentials to gain unauthorized system access. Electrolink has not responded to CISA's coordination requests, and no ve [truncated]

HIGH Electrolink CVE published 2024-04-16

CVE-2024-3741

CVE-2024-3741 is a HIGH severity authentication bypass vulnerability in Electrolink FM/DAB/TV transmitters, published on 2024-04-16. The vulnerability stems from improper session validation in the login cookie mechanism: an attacker can set an arbitrary value (any value except 'NO') to the login cookie to gain full system access without valid credentials. This represents a critical weakness in session man [truncated]

HIGH Electrolink CVE published 2024-04-16

CVE-2024-22186

CVE-2024-22186 is a HIGH severity (CVSS 8.8) privilege escalation vulnerability in Electrolink FM/DAB/TV transmitters, published 2024-04-16. An attacker with guest-level access can escalate to administrator privileges by manipulating session cookies. The vulnerability affects 24 Electrolink transmitter products across DAB, FM, and TV broadcast lines, with all versions impacted. Electrolink has not respond [truncated]

HIGH Electrolink CVE published 2024-04-16

CVE-2024-22179

CVE-2024-22179 is a HIGH severity authentication bypass vulnerability affecting Electrolink FM/DAB/TV transmitters, published by CISA on April 16, 2024. The vulnerability allows unauthenticated attackers to manipulate parameters to blank administrative credentials, enabling unauthorized access to the admin panel. The same flaw also permits account takeover and arbitrary password changes. The CVSS 3.1 scor [truncated]

HIGH Electrolink CVE published 2024-04-16

CVE-2024-21872

CVE-2024-21872 is a HIGH severity (CVSS 7.5) authentication bypass vulnerability affecting 24 Electrolink FM/DAB/TV transmitter models. Published 2024-04-16 by CISA, this flaw allows unauthenticated attackers to bypass authentication by modifying cookies to access hidden administrative pages and perform critical transmitter operations. The vulnerability impacts broadcast infrastructure across DAB, FM, and [truncated]

MEDIUM Electrolink CVE published 2024-04-16

CVE-2024-21846

CVE-2024-21846 is a medium-severity vulnerability affecting Electrolink FM/DAB/TV transmitters, published on April 16, 2024. An unauthenticated attacker can trigger a denial-of-service condition by sending a specially crafted GET request to the command.cgi gateway, causing the board to reset and stopping transmitter operations. The vulnerability impacts 24 Electrolink transmitter models across DAB, FM, an [truncated]

HIGH Electrolink CVE published 2024-04-16

CVE-2024-1491

A critical unauthenticated file upload vulnerability affects 24 Electrolink FM/DAB/TV transmitter models. The devices expose an unprotected endpoint allowing MPFS (Microchip Proprietary File System) binary image uploads without authentication. An attacker can exploit this to overwrite flash program memory containing the web server's main interfaces, leading to arbitrary code execution. The vulnerability s [truncated]