Electrolink FM/DAB/TV Transmitter devices with web versions 01.09, 01.08, 01.07, display versions 1.4, 1.2, and control unit versions 01.06, 01.04, 01.03 are vulnerable to a pre-authentication remote code execution flaw. An attacker can exploit this vulnerability by uploading a malicious MPFS image, leading to the execution of arbitrary code on the affected device.
Electrolink FM/DAB/TV Transmitter devices are prone to a credentials disclosure vulnerability. Attackers can exploit this issue to gain unauthorized access to sensitive information such as login credentials. This vulnerability affects various versions of Electrolink transmitters including Compact DAB Transmitter, Medium DAB Transmitter, High Power DAB Transmitter, Compact FM Transmitter, Modular FM Transmitter, Digital FM Transmitter, VHF TV Transmitter, and UHF TV Transmitter.
The R Radio FM Transmitter version 1.07 is vulnerable to an improper access control issue that allows unauthenticated users to access the system.cgi endpoint and reveal the plaintext password of the admin user, facilitating authentication bypass and unauthorized access to FM station setup.
The Electrolink FM/DAB/TV Transmitter devices are prone to an authentication bypass vulnerability. This issue allows remote attackers to access the devices without proper authentication, potentially leading to unauthorized control or access to sensitive information. This vulnerability has been assigned CVE-XXXXX.
Electrolink FM/DAB/TV Transmitter devices are prone to a credentials disclosure vulnerability. Attackers can access sensitive information such as login credentials by directly visiting certain web pages like login.htm and mail.htm on the affected devices.
The R Radio FM Transmitter 1.07 system.cgi endpoint has an improper access control vulnerability that allows unauthenticated users to access and reveal the clear-text password of the admin user. This disclosure enables attackers to bypass authentication and gain unauthorized access to the FM station setup.
The R Radio FM Transmitter 1.07 system.cgi endpoint has an improper access control vulnerability that allows unauthenticated users to access and reveal the clear-text password of the admin user. This disclosure enables attackers to bypass authentication and gain unauthorized access to the FM station setup.
odCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The pagetool-1.07 version is vulnerable to a remote SQL injection. This can be exploited by an attacker by sending a specially crafted request to the index.php file with a malicious payload in the 'name' parameter. This allows the attacker to retrieve sensitive information from the database.
It has been reported that the Digital Reality Game engine is prone to a remote denial of service vulnerability. This issue is due to a failure of the application to validate packet data size input supplied by a client. The immediate consequences of a successful attack will cause the affected server to crash. It has been conjectured that this issue may also be leveraged to execute arbitrary code in the context of the affected application, however this has not been verified.
Services By CQR