Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config

Title: Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config
Advisory ID: ZSL-2024-5821
Type: Local/Remote
Impact: Security Bypass, Privilege Escalation, System Access, DoS
Risk: (5/5)
Release Date: 17.04.2024
Summary
The ESE (Elber Satellite Equipment) product line is designed for the high-end radio contribution and distribution market, where quality and reliability are most important. The Elber IRD (Integrated Receiver Decoder) ESE-01 offers professional audio quality (and composite video) at an excellent quality/price ratio. The development of digital satellite contribution networks and the need to connect a large number of sites require a cheap but reliable and high-performing satellite receiver with an integrated decoder.
Description
The device suffers from unauthenticated device configuration and disclosure of hidden client-side functionality.
Vendor
Elber S.r.l. - https://www.elber.it
Affected Version
1.5.179 Revision 904
1.5.56 Revision 884
1.229 Revision 440
Tested On
NBFM Controller
embOS/IP
Vendor Status
[18.08.2023] Vulnerability discovered.
[20.08.2023] Vendor contacted.
[29.09.2023] No response from the vendor.
[09.12.2023] Vendor contacted.
[02.02.2024] No response from the vendor.
[16.03.2024] Vendor contacted.
[16.04.2024] No response from the vendor.
[17.04.2024] Public security advisory released.
PoC
elber_ese_idor.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://packetstormsecurity.com/files/178141/
[2] https://cxsecurity.com/issue/WLB-2024040055
[3] https://www.exploit-db.com/exploits/52070
Changelog
[17.04.2024] - Initial release
[22.05.2024] - Added reference [1] and [2]
[18.09.2024] - Added reference [3]
Contact
Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk