Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config

Title: Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Config
Advisory ID: ZSL-2024-5817
Type: Local/Remote
Impact: Security Bypass, Privilege Escalation, System Access, DoS
Risk: (5/5)
Release Date: 17.04.2024
Summary
Cleber offers a powerful, flexible and modular hardware and software platform for broadcasting and contribution networks, where customers can install up to six boards with no limitations in terms of position or number. Based on an embedded Linux OS, it detects the presence of the boards and shows the related control interface to the user, either through a web GUI or a touchscreen TFT display. The power supply can be single (AC and/or DC) or dual (hot swappable for redundancy); customers may choose between two ranges for DC sources, 22-65 or 10-36 Vdc, for site or DSNG applications.
Description
The device suffers from unauthenticated access to its device configuration and from disclosure of hidden functionality on the client side.
Vendor
Elber S.r.l. - https://www.elber.it
Affected Version
1.0.0 Revision 7304
1.0.0 Revision 7284
1.0.0 Revision 6505
1.0.0 Revision 6332
1.0.0 Revision 6258
XS2DAB v1.50 rev 6267
Tested On
NBFM Controller
embOS/IP
Vendor Status
[18.08.2023] Vulnerability discovered.
[20.08.2023] Vendor contacted.
[29.09.2023] No response from the vendor.
[09.12.2023] Vendor contacted.
[02.02.2024] No response from the vendor.
[16.03.2024] Vendor contacted.
[16.04.2024] No response from the vendor.
[17.04.2024] Public security advisory released.
PoC
elber_cleber_idor.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://packetstormsecurity.com/files/178137/
[2] https://www.exploit-db.com/exploits/52005
Changelog
[17.04.2024] - Initial release
[22.05.2024] - Added references [1] and [2]
Contact
Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk