EuroTel ETL3100 Transmitter Authorization Bypass / Insecure Direct Object Reference

EuroTel ETL3100 Transmitter Authorization Bypass / Insecure Direct Object Reference

EuroTel ETL3100 Transmitter Authorization Bypass / Insecure Direct Object Reference

EuroTel ETL3100 Transmitter Authorization Bypass (IDOR)Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.LProduct web page: https://www.eurotel.it | https://www.siel.fmAffected version: v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)                   v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)Summary: RF Technology For Television Broadcasting Applications.The Series ETL3100 Radio Transmitter provides all the necessaryfeatures defined by the FM and DAB standards. Two bands are providedto easily complain with analog and digital DAB standard. The SeriesETL3100 Television Transmitter provides all the necessary featuresdefined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, aswell as the analog TV standards. Three band are provided to easilycomplain with all standard channels, and switch softly from analog-TV'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.Desc: The application is vulnerable to insecure direct object referencesthat occur when the application provides direct access to objects basedon user-supplied input. As a result of this vulnerability attackers canbypass authorization and access the hidden resources on the system andexecute privileged functionalities.Tested on: GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)           lighttpd/1.4.26           PHP/5.4.3           Xilinx Virtex MachineVulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2023-5783Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5783.php29.04.2023--See URL:TARGET/exciter.php?page=0TARGET/exciter.php?page=1TARGET/exciter.php?page=2......TARGET/exciter.php?page=29TARGET/exciter.php?page=30TARGET/exciter.php?page=31