Description
A PoC for CVE-2025-51040, an unauthorized access vulnerability in the Electrolink FM/DAB/TV Transmitter Web Management System.
Introduction
# Electrolink-FM-DAB-TV For CVE-2025-51040
Unauthorized access vulnerability in the Electrolink FM/DAB/TV Transmitter Web Management System, affecting Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2.
## Description
The Electrolink FM/DAB/TV Transmitter web management system is vulnerable to unauthorized access. An attacker can enter the backend by visiting /FrameSetCore.html, leading to unauthorized administrative access and complete system compromise.
## Vendor of the Product(s)
Electrolink
## Vendor Homepage
<https://www.electrolink.com>
## Affected Product(s)/Code Base
Product: Electrolink FM/DAB/TV Transmitter Web Management System
## Vulnerable Endpoint
/FrameSetCore.html
## Attack Type
Insecure Permissions
## Impact
An unauthenticated attacker can access the /FrameSetCore.html file via HTTP, which compromises system security and could lead to unauthorized access.
## PoC
`/FrameSetCore.html`


## Suggested Fixes
1. Access Control: Restrict access to sensitive files using authentication mechanisms.
2. Code Refactoring: Remove hard-coded credentials from JavaScript files.
3. Data Masking: Avoid storing sensitive information in client-side resources.
4. Security Review: Conduct a thorough security audit to detect similar vulnerabilities.
5. Monitoring & Alerts: Implement monitoring and alerting for unauthorized access attempts.
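
One way to implement the monitoring in fix 5, as an added example that is not part of the original README or any Electrolink code: it scans access logs for requests to `/FrameSetCore.html` coming from outside a management network. It assumes the transmitter sits behind a reverse proxy that writes combined-format logs; `MGMT_NETS` and the sample log lines are hypothetical.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Assumption: the transmitter sits behind a reverse proxy that writes
# combined-format access logs; the device itself is not assumed to log.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
SENSITIVE_PATH = "/framesetcore.html"  # endpoint named in the advisory
# Assumption: hypothetical management subnet allowed to reach the UI.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]


def normalize(target: str) -> str:
    """Drop the query, percent-decode, collapse // and /./, and lower-case
    the path (a conservative choice) so encoded variants compare equal."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()


def find_unauthorized_hits(lines):
    """Return (timestamp, ip, status) for hits from outside MGMT_NETS."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize(m["target"]) != SENSITIVE_PATH:
            continue
        src = ipaddress.ip_address(m["ip"])
        if any(src in net for net in MGMT_NETS):
            continue
        alerts.append((m["ts"], m["ip"], int(m["status"])))
    return alerts


# Constructed sample log lines (not captured from a real device).
SAMPLE_LOG = [
    '10.20.0.15 - - [12/Jul/2025:09:01:11 +0000] "GET /FrameSetCore.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Jul/2025:09:03:42 +0000] "GET /FrameSetCore.html HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '203.0.113.7 - - [12/Jul/2025:09:03:44 +0000] "GET /index.html HTTP/1.1" 200 812 "-" "curl/8.5.0"',
    '198.51.100.23 - - [12/Jul/2025:09:10:05 +0000] "GET /%46rameSetCore.html?x=1 HTTP/1.1" 403 153 "-" "-"',
]

if __name__ == "__main__":
    for ts, ip, status in find_unauthorized_hits(SAMPLE_LOG):
        outcome = "SERVED" if status == 200 else f"blocked ({status})"
        print(f"{ts} {ip} -> /FrameSetCore.html {outcome}")
```

A 200 status on a flagged line means the page was served to an address outside the management network, so access control (fix 1) is not yet in effect for that path.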
File snapshot
[4.0K] /data/pocs/13624b8c3cef75e79e4d7ae5d68e0b93f503514d
├── [111K] poc-1.png
├── [257K] poc-2.png
└── [1.4K] README.md
0 directories, 3 files