Headline
EuroTel ETL3100 Transmitter Default Credentials
The TV and FM transmitter uses a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system.
Title: EuroTel ETL3100 Transmitter Default Credentials
Advisory ID: ZSL-2023-5782
Type: Local/Remote
Impact: System Access, Exposure of System Information, Exposure of Sensitive Information
Risk: (4/5)
Release Date: 09.08.2023
Summary
RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily complain with analog and digital DAB standard. The Series ETL3100 Television Transmitter provides all the necessary features defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as well as the analog TV standards. Three band are provided to easily complain with all standard channels, and switch softly from analog-TV ‘world’ to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.
Description
The TV and FM transmitter uses a weak set of default administrative credentials that can be guessed in remote password attacks and gain full control of the system.
Vendor
EuroTel S.p.A. - https://www.eurotel.it
SIEL, Sistemi Elettronici S.R.L - https://www.siel.fm
Affected Version
v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)
v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)
Tested On
GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)
lighttpd/1.4.26
PHP/5.4.3
Xilinx Virtex Machine
Vendor Status
N/A
PoC
sielfm_creds.txt
Credits
Vulnerability discovered by Gjoko Krstic - <[email protected]>
References
N/A
Changelog
[09.08.2023] - Initial release
Contact
Zero Science Lab
Web: https://www.zeroscience.mk
e-mail: [email protected]