TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account

TELSAT marKoni FM Transmitter version 1.9.5 has a hidden super administrative account, 'factory', with the hardcoded password 'inokram25', which allows full access to the web management interface configuration.

Packet Storm
#vulnerability#web#mac#linux#js#php#backdoor
TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account


Vendor: TELSAT Srl
Product web page: https://www.markoni.it
Affected version: Markoni-D (Compact) FM Transmitters
                  Markoni-DH (Exciter+Amplifiers) FM Transmitters
                  Markoni-A (Analogue Modulator) FM Transmitters
                  Firmware: 1.9.5
                            1.9.3
                            1.5.9
                            1.4.6
                            1.3.9

Summary: Professional FM transmitters.

Desc: The transmitter has a hidden super administrative account 'factory'
that has the hardcoded password 'inokram25' that allows full access to
the web management interface configuration. The factory account is not
visible in the users page of the application and the password cannot be
changed through any normal operation of the device. The backdoor lies in
the /js_files/LogIn_local.js script file. Attackers could exploit this
vulnerability by logging in using the backdoor credentials for the web
panel gaining also additional functionalities including: unit configuration,
parameter modification, EEPROM overwrite, clearing DB, and factory log
modification.

Tested on: GNU/Linux 3.10.53 (armv7l)
           icorem6solox
           lighttpd/1.4.33


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Macedonian Information Security Research and Development Laboratory
Zero Science Lab - https://www.zeroscience.mk - @zeroscience


Advisory ID: ZSL-2024-5809
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5809.php

CWE ID: 912
CWE URL: https://cwe.mitre.org/data/definitions/912.html


10.11.2023

--


The credentials can be seen in the auto_login() JS function in the
unprotected /js_files/LogIn_local.js file:

$ curl -s http://10.0.8.3:88/js_files/LogIn_local.js |grep -A2 "auto_login()"
function auto_login() {     // @mod1
    var username = "factory";
    var password = "inokram25";
$
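
A pre-release check that a firmware maintainer or auditor could run over an unpacked web root to catch this class of flaw (CWE-912): it flags credential-named JavaScript variables assigned string literals and reports the enclosing function. This is an added example, not code from the advisory or the vendor; the sample script is constructed from the excerpt above, and check_form() and send_login() are hypothetical names.

```python
import re

# Constructed sample: the auto_login() lines mirror the advisory's excerpt;
# check_form() and send_login() are hypothetical, added for contrast.
SAMPLE_JS = '''\
function check_form() {
    var username = document.getElementById("user").value;
    var password = document.getElementById("pass").value;
    return username.length > 0 && password.length > 0;
}
function auto_login() {     // @mod1
    var username = "factory";
    var password = "inokram25";
    send_login(username, password);
}
'''

FUNC_RE = re.compile(r'^\s*function\s+([A-Za-z_$][\w$]*)\s*\(')
# var/let/const <credential-like name> = "<string literal>"
ASSIGN_RE = re.compile(
    r'''\b(?:var|let|const)\s+(\w*(?:user|login|pass|pwd|secret)\w*)'''
    r'''\s*=\s*(["'])(.+?)\2''', re.IGNORECASE)
SECRET_NAME = re.compile(r'pass|pwd|secret', re.IGNORECASE)

def find_hardcoded_credentials(js_text, path="<memory>"):
    """Return one finding per credential-named variable set to a literal."""
    findings, current_func = [], "<top-level>"
    for lineno, line in enumerate(js_text.splitlines(), 1):
        m = FUNC_RE.match(line)
        if m:
            current_func = m.group(1)  # track the enclosing function name
        if line.lstrip().startswith("//"):
            continue  # skip whole-line comments
        for name, _quote, value in ASSIGN_RE.findall(line):
            is_secret = bool(SECRET_NAME.search(name))
            findings.append({
                "path": path, "line": lineno, "function": current_func,
                "variable": name, "secret": is_secret,
                # mask secrets so the report does not leak them again
                "value": "*" * len(value) if is_secret else value,
            })
    return findings

if __name__ == "__main__":
    for f in find_hardcoded_credentials(SAMPLE_JS, "js_files/LogIn_local.js"):
        print("{path}:{line} in {function}(): {variable} = {value!r}".format(**f))
```

Values read from form fields, as in check_form(), are not flagged; only literals assigned directly to credential-named variables are reported.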
