EuroTel ETL3100 Transmitter Unauthenticated Config/Log Download Vulnerability

Title: EuroTel EuroTel ETL3100 Transmitter Unauthenticated Config/Log Download Vulnerability
Advisory ID: ZSL-2023-5784
Type: Local/Remote
Impact: Security Bypass, Exposure of System Information, Exposure of Sensitive Information, System Access, DoS, Privilege Escalation
Risk: (5/5)
Release Date: 09.08.2023
Summary
RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily complain with analog and digital DAB standard. The Series ETL3100 Television Transmitter provides all the necessary features defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as well as the analog TV standards. Three band are provided to easily complain with all standard channels, and switch softly from analog-TV 'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.
Description
The TV and FM transmitter suffers from an unauthenticated configuration and log download vulnerability. This will enable the attacker to disclose sensitive information and help him in authentication bypass, privilege escalation and full system access.
Vendor
EuroTel S.p.A. - https://www.eurotel.it
SIEL, Sistemi Elettronici S.R.L - https://www.siel.fm
Affected Version
v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)
v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)
Tested On
GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)
lighttpd/1.4.26
PHP/5.4.3
Xilinx Virtex Machine
Vendor Status
N/A
PoC
sielfm_config.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://www.exploit-db.com/exploits/51686
[2] https://packetstormsecurity.com/files/174096/
[3] https://cxsecurity.com/issue/WLB-2023080040
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/263881
[5] https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-05
[6] https://nvd.nist.gov/vuln/detail/CVE-2023-6930
[7] https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6930
Changelog
[09.08.2023] - Initial release
[31.08.2023] - Added reference [1], [2], [3] and [4]
[20.12.2023] - Added reference [5], [6] and [7]
Contact
Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk