vendor:
Electrolink FM/DAB/TV Transmitter
by:
Anonymous
7.1
CVSS
HIGH
Credentials Disclosure
200
CWE
Product Name: Electrolink FM/DAB/TV Transmitter
Affected Version From: All versions up to the latest Web version: 01.09, Display version: 1.4, Control unit version: 01.06, Firmware version: 2.1
Affected Version To:
Patch Exists: NO
Related CWE: CVE-2021-XXXXX
CPE: h:electrolink:fm_dab_tv_transmitter
Platforms Tested: Windows, Linux, Mac
2021
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure
Electrolink FM/DAB/TV Transmitter devices are prone to a credentials disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information such as login credentials. This vulnerability affects multiple versions of the Electrolink transmitters including Compact DAB Transmitter, Medium DAB Transmitter, High Power DAB Transmitter, Compact FM Transmitter, Modular FM Transmitter, Digital FM Transmitter, VHF TV Transmitter, and UHF TV Transmitter.
Mitigation:
To mitigate this vulnerability, users are advised to restrict access to the controlloLogin.js file and implement proper access controls to prevent unauthorized disclosure of credentials.
