EuroTel ETL3100 Transmitter Authorization Bypass / Insecure Direct Object Reference

2023.08.13
Credit: LiquidWorm
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

EuroTel ETL3100 Transmitter Authorization Bypass (IDOR) Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter) v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter) Summary: RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily complain with analog and digital DAB standard. The Series ETL3100 Television Transmitter provides all the necessary features defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as well as the analog TV standards. Three band are provided to easily complain with all standard channels, and switch softly from analog-TV 'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission. Desc: The application is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources on the system and execute privileged functionalities. Tested on: GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3) lighttpd/1.4.26 PHP/5.4.3 Xilinx Virtex Machine Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2023-5783 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5783.php 29.04.2023 -- See URL: TARGET/exciter.php?page=0 TARGET/exciter.php?page=1 TARGET/exciter.php?page=2 ... ... TARGET/exciter.php?page=29 TARGET/exciter.php?page=30 TARGET/exciter.php?page=31


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top