CVE-2025-28228: n/a in n/a

Severity: High
Published: Fri Apr 18 2025 (04/18/2025, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2 allows unauthorized attackers to access credentials in plaintext.

AI-Powered Analysis

Last updated: 06/21/2025, 13:52:12 UTC

Technical Analysis

CVE-2025-28228 is a high-severity vulnerability in the web interface of Electrolink Medium DAB transmitters: Web versions v01.07, v01.08, and v01.09 of the 500W, 1kW, and 2kW transmitters, and Display versions v1.2 and v1.4. It is classified under CWE-522, which covers insufficiently protected credentials: unauthorized attackers can access credentials in plaintext via the web interface. The CVSS 3.1 base score is 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. In other words, the vulnerability is exploitable remotely over the network with low attack complexity, without any privileges or authentication, and without user interaction. The impact is on confidentiality, because attackers can retrieve sensitive credentials; integrity and availability are not directly affected.

The lack of patches or vendor project details suggests this is a newly disclosed issue with limited public mitigation guidance. The affected products are specialized broadcast transmitters used in digital audio broadcasting (DAB), which are critical infrastructure components in radio transmission networks. Exposed credentials could give attackers unauthorized access to the transmitter's management interface, potentially leading to unauthorized configuration changes or further lateral movement within broadcast networks.

Potential Impact

For European organizations, particularly broadcasters and media companies relying on Electrolink Medium DAB transmitters, this vulnerability poses a significant risk to the confidentiality of operational credentials. Unauthorized access could enable attackers to intercept or manipulate broadcast content, disrupt transmission schedules, or use the compromised devices as footholds for broader network intrusion. Given the critical role of DAB transmitters in public communication infrastructure, exploitation could undermine trust in broadcast services and potentially impact emergency broadcast capabilities. The exposure of plaintext credentials increases the risk of credential theft and reuse, potentially cascading into further compromise of related systems. Although no known exploits are currently reported in the wild, the ease of exploitation and lack of required authentication make this vulnerability attractive to threat actors targeting European media infrastructure. The impact is heightened in countries with extensive DAB deployment and where Electrolink transmitters are widely used, as well as in regions with strategic importance for media and public communication.

Mitigation Recommendations

Given the absence of official patches, European organizations should immediately implement compensating controls. These include isolating the affected transmitter web interfaces from public and untrusted networks via network segmentation and strict firewall rules. Employ VPNs or secure tunnels with strong authentication for remote management access. Change all default or known credentials on affected devices and rotate credentials regularly. Monitor network traffic for unusual access patterns to the transmitter web interfaces and implement intrusion detection systems tuned for these devices. Where possible, disable or restrict web interface access when not actively managed. Engage with Electrolink or authorized vendors to obtain firmware updates or security advisories. Additionally, conduct thorough audits of broadcast infrastructure to identify all affected devices and prioritize remediation. Establish incident response plans specific to broadcast infrastructure compromise scenarios. Finally, consider deploying multi-factor authentication if supported by the devices or surrounding management systems to reduce the risk of credential misuse.

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-03-11T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d984ac4522896dcbf72f5

Added to database: 5/21/2025, 9:09:30 AM

Last enriched: 6/21/2025, 1:52:12 PM

Last updated: 7/28/2025, 8:54:22 AM
