mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
251 lines
11 KiB
JSON
251 lines
11 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-22179",
|
|
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The application is vulnerable to an unauthenticated parameter \nmanipulation that allows an attacker to set the credentials to blank \ngiving her access to the admin panel. Also vulnerable to account \ntakeover and arbitrary password change."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-302",
|
|
"cweId": "CWE-302"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Electrolink",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Compact DAB Transmitter",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "10W"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "100W"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "250W"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Medium DAB Transmitter",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "500W"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1kW"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2kW"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "High Power DAB Transmitter",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2.5kW"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3kW"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "4kW"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "5kW"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Compact FM Transmitter",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "Compact FM Transmitter"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "500W"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1kW"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "2kW"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Modular FM Transmitter",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3kW"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "5kW"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "10kW"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "15kW"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "20kW"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "30kW"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Digital FM Transmitter",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "15W",
|
|
"version_value": "40kW"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "VHF TV Transmitter",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "BI"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "BIII"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "UHF TV Transmitter",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "<=",
|
|
"version_name": "10W",
|
|
"version_value": "5kW"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02",
|
|
"refsource": "MISC",
|
|
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.1.0-dev"
|
|
},
|
|
"source": {
|
|
"advisory": "ICSA-24-107-02",
|
|
"discovery": "EXTERNAL"
|
|
},
|
|
"work_around": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact <a target=\"_blank\" rel=\"nofollow\" href=\"https://electrolink.com/contacts/\">Electrolink</a> for additional information.\n\n<br>"
|
|
}
|
|
],
|
|
"value": "Electrolink has not responded to requests to work with CISA to mitigate \nthese vulnerabilities. Users of the affected products are encouraged to \ncontact Electrolink https://electrolink.com/contacts/ for additional information."
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Gjoko Krstic publicly reported these vulnerabilities on the internet after an unsuccessful attempt to contact Electrolink directly."
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |