Electrolink Modular Fm Transmitter
7 CVEs affecting Electrolink Modular Fm Transmitter. Latest disclosed: 2024-04-18. Critical: 0, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-22186 | High | 8.8 | 2024-04-18 | The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate his privileges by poisoning the cookie to beco… |
CVE-2024-3742 | High | 7.5 | 2024-04-18 | Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system. |
CVE-2024-1491 | High | 7.5 | 2024-04-18 | The devices allow access to an unprotected endpoint that allows MPFS file system binary image upload without authentication. The MPFS2 file system module pro… |
CVE-2024-21872 | High | 7.5 | 2024-04-18 | The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages that allows more critical operations to t… |
CVE-2024-22179 | High | 7.5 | 2024-04-18 | The application is vulnerable to an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the a… |
CVE-2024-3741 | High | 7.5 | 2024-04-18 | Electrolink transmitters are vulnerable to an authentication bypass vulnerability affecting the login cookie. An attacker can set an arbitrary value except '… |
CVE-2024-21846 | Medium | 5.3 | 2024-04-18 | An unauthenticated attacker can reset the board and stop transmitter operations by sending a specially-crafted GET request to the command.cgi gateway, result… |