EuroTel ETL3100 Radio Transmitter

Plan PatchCVSS 9.8ICS-CERT ICSA-23-353-05Dec 19, 2023

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The EuroTel ETL3100 radio transmitter (versions v01c01 and v01x37) contains multiple authentication and access control weaknesses (CWE-307: weak password recovery, CWE-639: authorization bypass, CWE-284: improper access restrictions). These flaws allow an unauthenticated attacker to remotely gain full system access, read sensitive information, or manipulate hidden system resources. The vulnerabilities exist in the device's web or network management interface and require no user interaction or valid credentials to exploit. EuroTel has not committed to releasing a patch for these versions.

What this means

What could happen

An unauthenticated attacker could gain complete control of the ETL3100 radio transmitter remotely, potentially disrupting radio communications infrastructure and accessing sensitive system information. This could impact critical alert systems, emergency notifications, or other communication-dependent operations.

Who's at risk

Organizations operating EuroTel ETL3100 radio transmitters—including public safety agencies, utilities, and critical infrastructure operators that rely on radio communications for dispatch, emergency alerts, or remote site management. Any facility using affected firmware versions v01c01 or v01x37 is at risk.

How it could be exploited

An attacker on the network sends malformed requests to the ETL3100's management interface without credentials. Due to weak authentication enforcement (CWE-307, CWE-639) and broken access controls (CWE-284), the device accepts the request and executes arbitrary commands or returns sensitive information, giving the attacker full system access.

Prerequisites

Network access to the ETL3100 management interface (typically IP-based, port unspecified in advisory)
No valid credentials required
Device must be reachable from the attacker's network

remotely exploitableno authentication requiredlow complexityno patch availablecritical CVSS score (9.8)

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (2)

2 pending

ProductAffected VersionsFix Status

ETL3100: v01c01v01c01No fix yet

ETL3100: v01x37v01x37No fix yet

Remediation & Mitigation

0/5

Do now

0/4

HARDENINGDisconnect the ETL3100 from any network segment accessible from the internet or untrusted networks

HARDENINGPlace the ETL3100 behind a firewall and restrict network access to only authorized engineering workstations and management systems

HARDENINGIsolate the radio transmitter's network from business network infrastructure to prevent lateral movement by an attacker

WORKAROUNDIf remote access to the ETL3100 is required, implement a VPN with strong authentication and keep VPN software updated

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXContact EuroTel customer support to inquire about firmware updates or end-of-life status for affected versions v01c01 and v01x37

CVEs (3)

CVE-2023-6928 CVE-2023-6929 CVE-2023-6930

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/122cd368-311e-4bc4-bed2-cea25b9843e4

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.