admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2024/3xxx/CVE-2024-3741.json
CVE Team 7c5e9d4ed4
"-Synchronized-Data."
2024-05-28 17:00:35 +00:00

251 lines
11 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-3741",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Electrolink transmitters are vulnerable to an authentication bypass \nvulnerability affecting the login cookie. An attacker can set an \narbitrary value except 'NO' to the login cookie and have full system \naccess."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-302",
"cweId": "CWE-302"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Electrolink",
"product": {
"product_data": [
{
"product_name": "Compact DAB Transmitter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10W"
},
{
"version_affected": "=",
"version_value": "100W"
},
{
"version_affected": "=",
"version_value": "250W"
}
]
}
},
{
"product_name": "Medium DAB Transmitter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "500W"
},
{
"version_affected": "=",
"version_value": "1kW"
},
{
"version_affected": "=",
"version_value": "2kW"
}
]
}
},
{
"product_name": "High Power DAB Transmitter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.5kW"
},
{
"version_affected": "=",
"version_value": "3kW"
},
{
"version_affected": "=",
"version_value": "4kW"
},
{
"version_affected": "=",
"version_value": "5kW"
}
]
}
},
{
"product_name": "Compact FM Transmitter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Compact FM Transmitter"
},
{
"version_affected": "=",
"version_value": "500W"
},
{
"version_affected": "=",
"version_value": "1kW"
},
{
"version_affected": "=",
"version_value": "2kW"
}
]
}
},
{
"product_name": "Modular FM Transmitter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3kW"
},
{
"version_affected": "=",
"version_value": "5kW"
},
{
"version_affected": "=",
"version_value": "10kW"
},
{
"version_affected": "=",
"version_value": "15kW"
},
{
"version_affected": "=",
"version_value": "20kW"
},
{
"version_affected": "=",
"version_value": "30kW"
}
]
}
},
{
"product_name": "Digital FM Transmitter",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "15W",
"version_value": "40kW"
}
]
}
},
{
"product_name": "VHF TV Transmitter",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "BI"
},
{
"version_affected": "=",
"version_value": "BIII"
}
]
}
},
{
"product_name": "UHF TV Transmitter",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "10W",
"version_value": "5kW"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ICSA-24-107-02",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
}
],
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
}
],
"credits": [
{
"lang": "en",
"value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink