← Advisories

EuroTel ETL3100 Transmitter Authorization Bypass (IDOR)

High
Advisory ID
ZSL-2023-5783
Release Date
09 August 2023
Vendor
EuroTel S.p.A. - https://www.eurotel.it, SIEL, Sistemi Elettronici S.R.L - https://www.siel.fm
Affected Version
v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter), v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)
CVE
CVE-2023-6929
Tested On
GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3), lighttpd/1.4.26, PHP/5.4.3, Xilinx Virtex Machine
Summary

RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily complain with analog and digital DAB standard. The Series ETL3100 Television Transmitter provides all the necessary features defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as well as the analog TV standards. Three band are provided to easily complain with all standard channels, and switch softly from analog-TV 'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.

Description

The application is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources on the system and execute privileged functionalities.

Proof of Concept
sielfm_idor.txtTXT
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://packetstormsecurity.com/files/174095/
[2]https://www.exploit-db.com/exploits/51685
[3]https://cxsecurity.com/issue/WLB-2023080060
[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/263880
[5]https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05
[6]https://nvd.nist.gov/vuln/detail/CVE-2023-6929
[7]https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6929
Changelog
09.08.2023Initial release
31.08.2023Added reference [1], [2], [3] and [4]
20.12.2023Added reference [5], [6] and [7]