Positron Broadcast Signal Processor TRA7005 v1.20 _Passwd Exploit

The Positron Broadcast Digital Signal Processor TRA7005 suffers from an authentication bypass through a direct and unauthorized access to the password management functionality. The vulnerability allows attackers to bypass Digest authentication by manipulating the password endpoint _Passwd.html and its payload data to set a user’s password to arbitrary value or remove it entirely. This grants unauthorized access to protected areas (/user, /operator, /admin) of the application without requiring valid credentials, compromising the device’s system security.