## Exploit Title: Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking## Exploit Author: LiquidWorm
Vendor: Sielco S.r.l
Product web page: https://www.sielco.org
Affected version:2.12(EXC5000GX)2.12(EXC120GX)2.11(EXC300GX)2.10(EXC1600GX)2.10(EXC2000GX)2.08(EXC1600GX)2.08(EXC1000GX)2.07(EXC3000GX)2.06(EXC5000GX)1.7.7(EXC30GT)1.7.4(EXC300GT)1.7.4(EXC100GT)1.7.4(EXC5000GT)1.6.3(EXC1000GT)1.5.4(EXC120GT)
Summary: Sielco designs and produces FM radio transmitters
for professional broadcasting. The in-house laboratory develops
standard and customised solutions to meet all needs. Whether
digital or analogue, each product is studied to ensure reliability,
resistance over time and a high standard of safety. Sielco
transmitters are distributed throughout the world and serve
many radios in Europe, South America, Africa, Oceania and China.
Desc: The Cookie session ID 'id'is of an insufficient length and
can be exploited by brute force, which may allow a remote attacker
to obtain a valid session, bypass authentication and manipulate
the transmitter.
Tested on: lwIP/2.1.1
Web/3.0.3
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2023-5758
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5758.php
26.01.2023--# Session values (len=5)
Cookie:id=44189
Cookie:id=37692
Cookie:id=+6638
Cookie:id=+3077......
