What is CVE-2024-22179?

CVE-2024-22179 is a high-severity vulnerability in Electrolink Compact Dab Transmitter, classified under Authentication Bypass by Assumed-Immutable Data. CVSS score: 7.5/10. Published 2024-04-18.

How severe is CVE-2024-22179?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Electrolink Compact Dab Transmitter

CVE-2024-22179

The application is vulnerable to an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. Also vulnerable to account takeover and arbitrary password change.

EPSS: 0.001 (22.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Electrolink Compact Dab Transmitter — versions 10W, 100W, 250W
Electrolink Compact Fm Transmitter — versions Compact FM Transmitter, 500W, 1kW
Electrolink Digital Fm Transmitter — versions 15W
Electrolink High Power Dab Transmitter — versions 2.5kW, 3kW, 4kW
Electrolink Medium Dab Transmitter — versions 500W, 1kW, 2kW
Electrolink Modular Fm Transmitter — versions 3kW, 5kW, 10kW
Electrolink Uhf Tv Transmitter — versions 10W
Electrolink Vhf Tv Transmitter — versions BI, BIII

Weakness classification (CWE)

CWE-302 — Authentication Bypass by Assumed-Immutable Data

References

www.cisa.gov/news-events/ics-advisories/icsa-24-107-02

Frequently asked questions

What is CVE-2024-22179?: CVE-2024-22179 is a high-severity vulnerability in Electrolink Compact Dab Transmitter, classified under Authentication Bypass by Assumed-Immutable Data. CVSS score: 7.5/10. Published 2024-04-18.
How severe is CVE-2024-22179?: High severity. CVSS v3 base score is 7.5 out of 10.