The Elber ESE DVB-S/S2 Satellite Receiver 1.5.x devices suffer from an unauthenticated device configuration and client-side hidden functionality disclosure. An attacker can exploit this vulnerability to manipulate device configuration settings and reveal hidden functionalities without authentication.
Elber Wayber Analog/Digital Audio STL 4.00 devices are vulnerable to unauthenticated device configuration and disclosure of hidden functionalities on the client-side. An attacker can exploit this issue to modify device configurations without authentication and reveal hidden functionalities that are not intended for regular users.
The Elber ESE DVB-S/S2 Satellite Receiver 1.5.x devices are prone to an authentication bypass vulnerability due to unauthorized access to the password management function. By manipulating the set_pwd endpoint, attackers can change the password of any user, granting them unauthorized administrative access to critical parts of the application and compromising system security.
The Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 is vulnerable to an authentication bypass issue that allows attackers to gain unauthorized administrative access by manipulating the set_pwd endpoint to overwrite user passwords within the system. This exploit compromises the security of the device's system.
The Elber Reble610 device is vulnerable to an authentication bypass issue that allows attackers to gain unauthorized and administrative access to protected areas of the application. This vulnerability occurs due to a flaw in the password management functionality, specifically in the set_pwd endpoint, which can be manipulated by attackers to overwrite the password of any user within the system.
The Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device allows an attacker to configure the device without authentication and reveals hidden functionality on the client-side. By exploiting this vulnerability, an unauthorized user can manipulate device settings and access undisclosed features.
The Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 device is prone to an unauthenticated device configuration vulnerability and client-side hidden functionality disclosure. An attacker can exploit this issue by sending unauthorized commands to the affected device, leading to unauthorized access and potential disclosure of hidden functionalities.
Elber Signum DVB-S/S2 IRD devices with affected versions 1.999, 1.317, 1.220, 1.217, 1.214, 1.193, 1.175, and 1.166 are prone to unauthenticated device configuration and client-side hidden functionality disclosure. An attacker can exploit this vulnerability to manipulate device configurations and reveal hidden functionalities without authentication.
The TELSAT marKoni FM transmitters are vulnerable to unauthenticated remote code execution with root privileges. By manipulating the Email settings' WAN IP info service, which uses the 'wget' module, an attacker can exploit a command injection flaw. This allows unauthorized access with administrative privileges through the 'url' parameter in the HTTP GET request to ekafcgi.fcgi.
The TELSAT marKoni FM Transmitter 1.9.5 firmware contains a hidden super administrative account named 'factory' with a hardcoded password 'inokram25', providing unauthorized access to the web management interface configuration. This backdoor account is not visible in the user interface and the password cannot be changed through regular operations. By exploiting this vulnerability located in the /js_files/LogIn_local.js script file, attackers can gain full control over the device, allowing them to perform actions like unit configuration, parameter modification, EEPROM overwrite, clearing DB, and factory log modification.