CVE-2024-1491
Published: Apr 18, 2024
Modified: Aug 1, 2024
CVSS v3.1
7.5
Description
The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial flash, or internal flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.
| Vendor | Product | Versions |
|---|---|---|
Electrolink | Compact DAB Transmitter | affected 10Waffected 100Waffected 250W |
Electrolink | Medium DAB Transmitter | affected 500Waffected 1kWaffected 2kW |
Electrolink | High Power DAB Transmitter | affected 2.5kWaffected 3kWaffected 4kWaffected 5kW |
Electrolink | Compact FM Transmitter | affected Compact FM Transmitteraffected 500Waffected 1kWaffected 2kW |
Electrolink | Modular FM Transmitter | affected 3kWaffected 5kWaffected 10kWaffected 15kWaffected 20kW+1 more versions |
Electrolink | Digital FM Transmitter | affected 15W - <= 40kW |
Electrolink | VHF TV Transmitter | affected BIaffected BIII |
Electrolink | UHF TV Transmitter | affected 10W - <= 5kW |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now