Overview
The vulnerability, CVE-2025-51040, impacts the web management system of Electrolink's FM/DAB/TV Transmitter. It allows unauthorized access via the /FrameSetCore.html endpoint and affects a variety of Electrolink transmitters. The issue is serious because it can potentially lead to system compromise or data leakage.
Vulnerability Summary
CVE ID: CVE-2025-51040
Severity: High (7.5)
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: Unauthorized access, potential system compromise, and data leakage
Affected Products
Product | Affected Versions
Electrolink 500W Medium DAB Transmitter Web | v01.09, v01.08, v01.07
Electrolink 1kW Medium DAB Transmitter Web | v01.09, v01.08, v01.07
Electrolink 2kW Medium DAB Transmitter Web | v01.09, v01.08, v01.07
Electrolink Display | v1.4, v1.2
How the Exploit Works
The vulnerability allows unauthorized access via a specific endpoint. Attackers can exploit this flaw by sending specially crafted requests to the /FrameSetCore.html endpoint. This can bypass security mechanisms and grant them unauthorized access to the system, potentially leading to data leakage or full system compromise.
Conceptual Example Code
Here is a conceptual example of the kind of HTTP request involved:
GET /FrameSetCore.html HTTP/1.1
Host: target.example.com
This request could potentially grant the attacker unauthorized access to the system. As always, this example code is provided for educational purposes and should never be used maliciously.
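For defenders, the following added example (not part of the original advisory or any Electrolink code) scans web access logs for requests to /FrameSetCore.html that come from outside the management network, normalizing the path first so encoded or padded spellings still match. It assumes a reverse proxy in front of the transmitter writes common/combined-format logs; the subnet `10.20.0.0/24`, the function names and the sample lines are constructed for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Assumption: only this management subnet should ever reach the transmitter UI.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
ENDPOINT = "/framesetcore.html"  # compared case-insensitively

# Common/combined log format: ip - user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Drop query/fragment, percent-decode and collapse '//', '.' and '..'
    so alternative spellings of the endpoint compare equal to the plain one."""
    path = unquote(re.split(r"[?#]", target, maxsplit=1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def suspicious_hits(lines):
    """Return (ip, timestamp, status) for endpoint requests from outside MGMT_NETS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != ENDPOINT:
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or garbage in the client field
        if not any(src in net for net in MGMT_NETS):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = [
    '10.20.0.15 - - [01/Aug/2025:09:00:01 +0000] "GET /FrameSetCore.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Aug/2025:09:02:11 +0000] "GET /FrameSetCore.html HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '198.51.100.9 - - [01/Aug/2025:09:03:40 +0000] "GET /%46rameSetCore.html?x=1 HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.9 - - [01/Aug/2025:09:03:41 +0000] "GET //./framesetcore.HTML HTTP/1.1" 403 0 "-" "-"',
    '203.0.113.7 - - [01/Aug/2025:09:04:00 +0000] "GET /index.html HTTP/1.1" 200 812 "-" "curl/8.5.0"',
]

if __name__ == "__main__":
    for ip, ts, status in suspicious_hits(SAMPLE):
        print(f"{ts} {ip} -> /FrameSetCore.html (HTTP {status})")
```

A 200 status on a flagged line means the page was served to an address outside the management network, which is the case to investigate first.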
