Vendor: FM Transmitter
By: Gjoko 'LiquidWorm' Krstic
CVSS: 6.1 (HIGH)
Password Disclosure
CWE: 200
Product Name: FM Transmitter
Affected Version From: 1.7.2024
Affected Version To: 01.07
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: CSBtechDevice
2023
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
The system.cgi endpoint of the R Radio Network FM Transmitter 1.07 has an improper access control issue: unauthenticated users can access and view the clear-text password of the admin user, which lets them bypass authentication and access the FM station setup.
Mitigation:
Restrict access to the system.cgi endpoint to authorized users only, and ensure strong password policies are in place.