Headline
EuroTel ETL3100 Transmitter Authorization Bypass (IDOR)
The application is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources on the system and execute privileged functionalities.
Title: EuroTel ETL3100 Transmitter Authorization Bypass (IDOR)
Advisory ID: ZSL-2023-5783
Type: Local/Remote
Impact: Privilege Escalation, Security Bypass
Risk: (4/5)
Release Date: 09.08.2023
Summary
RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily complain with analog and digital DAB standard. The Series ETL3100 Television Transmitter provides all the necessary features defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as well as the analog TV standards. Three band are provided to easily complain with all standard channels, and switch softly from analog-TV ‘world’ to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.
Description
The application is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources on the system and execute privileged functionalities.
Vendor
EuroTel S.p.A. - https://www.eurotel.it
SIEL, Sistemi Elettronici S.R.L - https://www.siel.fm
Affected Version
v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)
v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)
Tested On
GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)
lighttpd/1.4.26
PHP/5.4.3
Xilinx Virtex Machine
Vendor Status
N/A
PoC
sielfm_idor.txt
Credits
Vulnerability discovered by Gjoko Krstic - <[email protected]>
References
N/A
Changelog
[09.08.2023] - Initial release
Contact
Zero Science Lab
Web: https://www.zeroscience.mk
e-mail: [email protected]