EuroTel ETL3100 Transmitter Authorization Bypass (IDOR)
Title: EuroTel ETL3100 Transmitter Authorization Bypass (IDOR)
Advisory ID: ZSL-2023-5783
Type: Local/Remote
Impact: Privilege Escalation, Security Bypass
Risk: (4/5)
Release Date: 09.08.2023
SIEL, Sistemi Elettronici S.R.L - https://www.siel.fm
v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)
lighttpd/1.4.26
PHP/5.4.3
Xilinx Virtex Machine
[2] https://www.exploit-db.com/exploits/51685
[3] https://cxsecurity.com/issue/WLB-2023080060
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/263880
[5] https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05
[6] https://nvd.nist.gov/vuln/detail/CVE-2023-6929
[7] https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6929
[31.08.2023] - Added reference [1], [2], [3] and [4]
[20.12.2023] - Added reference [5], [6] and [7]
Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2023-5783
Type: Local/Remote
Impact: Privilege Escalation, Security Bypass
Risk: (4/5)
Release Date: 09.08.2023
Summary
RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily complain with analog and digital DAB standard. The Series ETL3100 Television Transmitter provides all the necessary features defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as well as the analog TV standards. Three band are provided to easily complain with all standard channels, and switch softly from analog-TV 'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.Description
The application is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources on the system and execute privileged functionalities.Vendor
EuroTel S.p.A. - https://www.eurotel.itSIEL, Sistemi Elettronici S.R.L - https://www.siel.fm
Affected Version
v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)
Tested On
GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)lighttpd/1.4.26
PHP/5.4.3
Xilinx Virtex Machine
Vendor Status
N/APoC
sielfm_idor.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] https://packetstormsecurity.com/files/174095/[2] https://www.exploit-db.com/exploits/51685
[3] https://cxsecurity.com/issue/WLB-2023080060
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/263880
[5] https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05
[6] https://nvd.nist.gov/vuln/detail/CVE-2023-6929
[7] https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6929
Changelog
[09.08.2023] - Initial release[31.08.2023] - Added reference [1], [2], [3] and [4]
[20.12.2023] - Added reference [5], [6] and [7]
Contact
Zero Science LabWeb: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
