← Advisories

Sielco Radio Link 2.06 Remote Privilege Escalation

High
Advisory ID
ZSL-2023-5759
Release Date
30 March 2023
Vendor
Sielco S.r.l - https://www.sielco.org
Affected Version
2.06 (RTX19), 2.05 (RTX19), 2.00 (EXC19), 1.60 (RTX19), 1.59 (RTX19), 1.55 (EXC19)
CVE
CVE-2023-41966
Tested On
lwIP/2.1.1, Web/2.9.3
Summary

Sielco develops and produces radio links for all transmission and reception needs, thanks to innovative units and excellent performances, accompanied by a high reliability and low consumption.

Description

The application suffers from a privilege escalation vulnerability. A user with Read permissions can elevate his/her privileges by sending a HTTP POST request setting the parameter 'auth1' or 'auth2' or 'auth3' to integer value '1' for Write or '2' for Admin permissions.

Proof of Concept
sielco_rl_eop.htmlTXT
Disclosure Timeline
26.01.2023Vulnerability discovered.
27.01.2023Contact with the vendor and CSIRT Italia.
29.03.2023No response from the vendor.
29.03.2023No response from the CSIRT team.
30.03.2023Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://packetstormsecurity.com/files/171849/
[2]https://exchange.xforce.ibmcloud.com/vulnerabilities/253069
[3]https://exchange.xforce.ibmcloud.com/vulnerabilities/269709
[4]https://www.cisa.gov/news-events/ics-advisories/icsa-23-299-08
[5]https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-41966
[6]https://nvd.nist.gov/vuln/detail/CVE-2023-41966
Changelog
30.03.2023Initial release
03.11.2023Added reference [1], [2], [3], [4], [5] and [6]