EuroTel ETL3100 Radio Transmitter

RISK EVALUATION. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to gain full access to the system, disclose sensitive information, or access hidden resources.
EuroTel ETL3100 versions v01c01 and v01x37 do not limit the number of attempts to guess administrative credentials, which allows remote password attacks to gain full control of the system.
CVE-2023-6928 has been assigned to this vulnerability.
EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input.
As a result of this vulnerability, attackers can bypass authorization, access the hidden resources on the system, and execute privileged functionalities.
CVE-2023-6929 has been assigned to this vulnerability.
EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability.
CVE-2023-6930 has been assigned to this vulnerability.
RESEARCHER. CISA discovered a public proof of concept authored by Gjoko Krstic.
MITIGATIONS. EuroTel has not responded to requests to work with CISA to mitigate these vulnerabilities.
Users of affected versions of ETL3100 are invited to contact EuroTel customer support for additional information.
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.
Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
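Because the device itself does not limit login attempts or require authentication for configuration and log downloads, monitoring has to happen in front of it. The following is an added example, not part of the advisory or any EuroTel or CISA tooling: it scans access logs from a reverse proxy or firewall placed in front of the transmitter for repeated failed logins and for sessionless downloads. The log format, the `/PLACEHOLDER/...` paths, the 401 status for a failed login, and the thresholds are all assumptions; the advisory does not name any endpoints.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions (not from the advisory): placeholder paths and a constructed
# log format "<ISO time> <src ip> <method> <path> <status> <session or ->".
LOGIN_PATH = "/PLACEHOLDER/login"
SENSITIVE_PREFIXES = ("/PLACEHOLDER/config", "/PLACEHOLDER/logs")
MAX_FAILURES = 5                  # failed logins tolerated per source...
WINDOW = timedelta(seconds=60)    # ...within this sliding window

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
2023-12-19T10:00:00 192.0.2.10 POST /PLACEHOLDER/login 401 -
2023-12-19T10:00:05 192.0.2.10 POST /PLACEHOLDER/login 200 s1
2023-12-19T10:00:09 192.0.2.10 GET /PLACEHOLDER/config/export 200 s1
2023-12-19T10:01:00 203.0.113.7 POST /PLACEHOLDER/login 401 -
2023-12-19T10:01:02 203.0.113.7 POST /PLACEHOLDER/login 401 -
2023-12-19T10:01:04 203.0.113.7 POST /PLACEHOLDER/login 401 -
2023-12-19T10:01:06 203.0.113.7 POST /PLACEHOLDER/login 401 -
2023-12-19T10:01:08 203.0.113.7 POST /PLACEHOLDER/login 401 -
2023-12-19T10:01:10 203.0.113.7 POST /PLACEHOLDER/login 401 -
2023-12-19T10:01:12 203.0.113.7 POST /PLACEHOLDER/login 401 -
2023-12-19T10:02:00 203.0.113.7 GET /PLACEHOLDER/logs/system 200 -
"""

def parse(line):
    ts, src, method, path, status, session = line.split()
    return datetime.fromisoformat(ts), src, method, path, int(status), session

def detect(log_text):
    """Return (alert_type, source_ip, timestamp) tuples in log order."""
    failures = defaultdict(deque)   # source ip -> recent failed-login times
    flagged, alerts = set(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, method, path, status, session = parse(line)
        if method == "POST" and path == LOGIN_PATH and status == 401:
            recent = failures[src]
            recent.append(ts)
            while ts - recent[0] > WINDOW:      # drop failures outside the window
                recent.popleft()
            if len(recent) > MAX_FAILURES and src not in flagged:
                flagged.add(src)                # alert once per source
                alerts.append(("password-guessing", src, ts.isoformat()))
        elif path.startswith(SENSITIVE_PREFIXES) and status == 200 and session == "-":
            # Config or log content served to a request with no session.
            alerts.append(("unauthenticated-download", src, ts.isoformat()))
    return alerts
```
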


This Cyber News was published on www.cisa.gov. Publication date: Tue, 19 Dec 2023 17:10:05 +0000

