Zero Science Lab » R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

Title: R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
Advisory ID: ZSL-2023-5802
Type: Local/Remote
Impact: Exposure of Sensitive Information, Security Bypass
Risk: (5/5)
Release Date: 03.12.2023

Summary

R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup.

Description

The transmitter suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access.

Vendor

R Radio Network - http://www.pktc.ac.th

Affected Version

1.07

Tested On

CSBtechDevice

Vendor Status

[09.10.2023] Vulnerability discovered.
[10.10.2023] Vendor contacted.
[10.10.2023] Vendor responds asking more details.
[11.10.2023] Sent details to the vendor.
[14.10.2023] Vendor confirms the issue, working on a patch.
[29.10.2023] Vendor releases version 1.09 to address this issue.
[03.12.2023] Coordinated public security advisory released.

PoC

r_transmitter_pwd.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] https://packetstormsecurity.com/files/176044/
[2] https://exchange.xforce.ibmcloud.com/vulnerabilities/275361
[3] https://www.exploit-db.com/exploits/51855

Changelog

[03.12.2023] - Initial release
[20.12.2023] - Added reference [1]
[01.02.2024] - Added reference [2]
[03.03.2024] - Added reference [3]

Contact

Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk