Zero Science Lab » Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config

Title: Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config
Advisory ID: ZSL-2024-5821
Type: Local/Remote
Impact: Security Bypass, Privilege Escalation, System Access, DoS
Risk: (5/5)
Release Date: 17.04.2024

Summary

ESE (Elber Satellite Equipment) product line, designed for the high-end radio contribution and distribution market, where quality and reliability are most important. The Elber IRD (Integrated Receiver Decoder) ESE-01 offers a professional audio quality (and composite video) at an excellent quality/price ratio. The development of digital satellite contribution networks and the need to connect a large number of sites require a cheap but reliable and performing satellite receiver with integrated decoder.

Description

The device suffers from an unauthenticated device configuration and client-side hidden functionality disclosure.

Vendor

Elber S.r.l. - https://www.elber.it

Affected Version

1.5.179 Revision 904
1.5.56 Revision 884
1.229 Revision 440

Tested On

NBFM Controller
embOS/IP

Vendor Status

[18.08.2023] Vulnerability discovered.
[20.08.2023] Vendor contacted.
[29.09.2023] No response from the vendor.
[09.12.2023] Vendor contacted.
[02.02.2024] No response from the vendor.
[16.03.2024] Vendor contacted.
[16.04.2024] No response from the vendor.
[17.04.2024] Public security advisory released.

PoC

elber_ese_idor.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

N/A

Changelog

[17.04.2024] - Initial release

Contact

Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk