R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

Title: R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
Advisory ID: ZSL-2023-5802
Type: Local/Remote
Impact: Exposure of Sensitive Information, Security Bypass
Risk: (5/5)
Release Date: 03.12.2023
Summary
The R Radio FM Transmitter includes FM Exciter and FM Amplifier parameter setup.
Description
The transmitter suffers from improper access control: an unauthenticated actor can directly reference the system.cgi endpoint and disclose the clear-text password of the admin user, allowing authentication bypass and access to the FM station setup.
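
For defenders, one way to check whether the endpoint has been requested from outside the management network, as an added example that is not part of the original advisory: it scans reverse-proxy access logs for requests that resolve to system.cgi. The combined log format, the ADMIN_NETS allowlist and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: the only hosts that should ever reach the transmitter web UI.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/28")]

# Assumption: common/combined access-log format written by a reverse proxy.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.20.0.5 - - [03/Dec/2023:09:14:02 +0000] "GET /system.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.44 - - [03/Dec/2023:09:15:40 +0000] "GET /system.cgi HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '203.0.113.44 - - [03/Dec/2023:09:15:41 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "curl/8.4.0"',
    '198.51.100.7 - - [03/Dec/2023:09:20:11 +0000] "GET //%53ystem.CGI?x=1 HTTP/1.1" 403 0 "-" "-"',
]

def is_system_cgi(target: str) -> bool:
    """True if the request path resolves to system.cgi, ignoring the query
    string, percent-encoding, duplicate slashes and letter case."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    return path.rstrip("/").rsplit("/", 1)[-1].lower() == "system.cgi"

def find_exposures(lines, admin_nets=ADMIN_NETS):
    """Return (timestamp, source, target, status, served) for every
    system.cgi request whose source is outside the admin allowlist."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_system_cgi(m["target"]):
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or malformed client field: skip the line
        if any(src in net for net in admin_nets):
            continue
        served = m["status"].startswith("2")  # 2xx: the page was returned
        findings.append((m["ts"], str(src), m["target"], int(m["status"]), served))
    return findings

if __name__ == "__main__":
    for ts, src, target, status, served in find_exposures(SAMPLE_LOG):
        print(f"{ts} {src} {target} -> {status} {'SERVED' if served else 'blocked'}")
```

A served hit from a non-admin source against an affected version is a reason to treat the admin password as disclosed and to change it once the fixed version is installed.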
Vendor
R Radio Network - http://www.pktc.ac.th
Affected Version
1.07
Tested On
CSBtechDevice
Vendor Status
[09.10.2023] Vulnerability discovered.
[10.10.2023] Vendor contacted.
[10.10.2023] Vendor responds asking for more details.
[11.10.2023] Sent details to the vendor.
[14.10.2023] Vendor confirms the issue, working on a patch.
[29.10.2023] Vendor releases version 1.09 to address this issue.
[03.12.2023] Coordinated public security advisory released.
PoC
r_transmitter_pwd.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://packetstormsecurity.com/files/176044/
[2] https://exchange.xforce.ibmcloud.com/vulnerabilities/275361
[3] https://www.exploit-db.com/exploits/51855
Changelog
[03.12.2023] - Initial release
[20.12.2023] - Added reference [1]
[01.02.2024] - Added reference [2]
[03.03.2024] - Added reference [3]
Contact
Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk