CVE-2025-28228 Scanner
CVE-2025-28228 Scanner - Credential Disclosure vulnerability in Electrolink FM/DAB/TV Transmitter
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 3 weeks 22 hours
Scan only one: URL
Toolbox: -
The Electrolink FM/DAB/TV Transmitter is used primarily in broadcasting settings by media companies and radio stations to transmit FM, DAB, and TV signals. These devices are utilized to enhance broadcasting capabilities and ensure effective coverage in intended areas. Typically deployed in both urban and rural settings, they are integral in maintaining continuous media transmission. Electrolink transmitters are favored for their robust performance and reliable signal quality, making them a choice for mainstream broadcasting operations. The system interfaces with various broadcasting components, enhancing overall signal strength and quality. Given their critical application, managing and securing these transmitters is of high priority to broadcasting entities.
Credential disclosure vulnerabilities expose confidential information such as usernames and passwords to unauthorized parties. In this instance, unauthorized attackers can obtain login credentials in plaintext. This type of vulnerability can lead to unauthorized use or control of the affected system. Attackers might exploit this weakness to perform further attacks or disruptions using the compromised credentials. Protecting sensitive credentials and preventing unauthorized access is essential to maintaining the integrity of the system. This vulnerability can compromise not only individual devices but potentially wider network operations if exploited.
The vulnerability occurs in the web interface of the Electrolink FM/DAB/TV Transmitter, where credentials are disclosed in plaintext. The issue manifests specifically in the 'controlloLogin.js' endpoint, where critical authentication details such as usernames and passwords are inadequately protected. An attacker can reach the endpoint and retrieve sensitive information without authorization. Improper handling of user and password data contributes to this security flaw. Addressing this vulnerability requires reviewing and implementing proper encryption and access control measures for sensitive authentication data. Ongoing monitoring and patching of such vulnerabilities are necessary to protect the affected systems.
If this credential disclosure vulnerability is exploited, sensitive information such as usernames and passwords may be accessed by unauthorized individuals. This can lead to unauthorized access and control over the transmitter, potentially allowing malicious modifications or interruptions to broadcasting functions. Moreover, the exploitation could serve as a stepping stone for further attacks on the network, leveraging compromised credentials to infiltrate additional systems. Ultimately, such compromises undermine the trusted operations of broadcasting services and risk significant disruptions. The fallout may include loss of broadcasting integrity, legal liabilities, and reputational damage.