Etg150 Fm CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-34671	1 Elenos	2 Etg150 Fm, Etg150 Fm Firmware	2024-12-05	8.8 High
Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role in the user profile. An attack could occur over the public Internet in some cases.
CVE-2023-45396	1 Elenos	3 Etg150, Etg150 Firmware, Etg150 Fm	2024-11-21	6.5 Medium
An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12.
CVE-2023-39695	1 Elenos	3 Etg150, Etg150 Firmware, Etg150 Fm	2024-11-21	5.3 Medium
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out.
CVE-2023-37832	1 Elenos	3 Etg150, Etg150 Firmware, Etg150 Fm	2024-11-21	7.5 High
A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts.
CVE-2023-37831	1 Elenos	3 Etg150, Etg150 Firmware, Etg150 Fm	2024-11-21	5.3 Medium
An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted.

Page 1 of 1.