vendor:
ETL3100
by:
LiquidWorm
N/A
CVSS
HIGH
Authorization Bypass (IDOR)
IDOR
CWE
Product Name: ETL3100
Affected Version From: v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)
Affected Version To: v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)
Patch Exists: NO
Related CWE:
CPE: a:eurotel:etl3100
Platforms Tested: GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3), lighttpd/1.4.26, PHP/5.4.3, Xilinx Virtex Machine
2023
EuroTel ETL3100 – Transmitter Authorization Bypass (IDOR)
The application is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers can bypass authorization and access the hidden resources on the system and execute privileged functionalities.
Mitigation:
The vendor should fix the insecure direct object references vulnerability by implementing proper authorization and access control mechanisms. Users should ensure they have the latest version of the product installed and follow best practices for secure configuration.