What is CVE-2024-3741?

CVE-2024-3741 is a high-severity vulnerability in Electrolink Compact Dab Transmitter, classified under Authentication Bypass by Assumed-Immutable Data. CVSS score: 7.5/10. Published 2024-04-18.

How severe is CVE-2024-3741?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Electrolink Compact Dab Transmitter

CVE-2024-3741

Electrolink transmitters are vulnerable to an authentication bypass vulnerability affecting the login cookie. An attacker can set an arbitrary value except 'NO' to the login cookie and have full system access.

EPSS: 0.000 (8.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

Electrolink Compact Dab Transmitter — versions 10W, 100W, 250W
Electrolink Compact Fm Transmitter — versions Compact FM Transmitter, 500W, 1kW
Electrolink Digital Fm Transmitter — versions 15W
Electrolink High Power Dab Transmitter — versions 2.5kW, 3kW, 4kW
Electrolink Medium Dab Transmitter — versions 500W, 1kW, 2kW
Electrolink Modular Fm Transmitter — versions 3kW, 5kW, 10kW
Electrolink Uhf Tv Transmitter — versions 10W
Electrolink Vhf Tv Transmitter — versions BI, BIII

Weakness classification (CWE)

CWE-302 — Authentication Bypass by Assumed-Immutable Data

References

www.cisa.gov/news-events/ics-advisories/icsa-24-107-02

Frequently asked questions

What is CVE-2024-3741?: CVE-2024-3741 is a high-severity vulnerability in Electrolink Compact Dab Transmitter, classified under Authentication Bypass by Assumed-Immutable Data. CVSS score: 7.5/10. Published 2024-04-18.
How severe is CVE-2024-3741?: High severity. CVSS v3 base score is 7.5 out of 10.