Analog Fm Transmitter Exc100Gt Firmware Security Vulnerabilities - 2023

CVE-2023-41966

The application suffers from a privilege escalation vulnerability. Auser with read permissions can elevate privileges by sending a HTTP POSTto set a parameter.

CVE-2023-42769

The cookie session ID is of insufficient length and can be exploited bybrute force, which may allow a remote attacker to obtain a validsession, bypass authentication, and manipulate the transmitter.

CVE-2023-45228

The application suffers from improper access control when editing users.A user with read permissions can manipulate users, passwords, andpermissions by sending a single HTTP POST request with modifiedparameters.

CVE-2023-45317

The application interface allows users to perform certain actions viaHTTP requests without performing any validity checks to verify therequests. This can be exploited to perform certain actions withadministrative privileges if a logged-in user visits a malicious website.