The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.
| Vendor | Product | Versions |
|---|---|---|
| Sielco | Analog FM transmitter | 2.12 (EXC5000GX), 2.12 (EXC120GX), 2.11 (EXC300GX), 2.10 (EXC1600GX), 2.10 (EXC2000GX), 2.08 (EXC1600GX), 2.08 (EXC1000GX), 2.07 (EXC3000GX), 2.06 (EXC5000GX), 1.7.7 (EXC30GT), 1.7.4 (EXC300GT), 1.7.4 (EXC100GT), 1.7.4 (EXC5000GT), 1.6.3 (EXC1000GT), 1.5.4 (EXC120GT) |
| Sielco | Radio Link | 2.06 (RTX19), 2.05 (RTX19), 2.00 (EXC19), 1.60 (RTX19), 1.59 (RTX19), 1.55 (EXC19) |

Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.