Sielco analog fm transmitter 2.12 improper access control change admin password Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-04-14 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Sielco analog fm transmitter 2.12 improper access control change admin password is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
<!--
## Exploit Title: Sielco Analog FM Transmitter 2.12 - Improper Access Control Change Admin Password
## Exploit Author: LiquidWorm
Summary: Sielco designs and produces FM radio transmitters
for professional broadcasting. The in-house laboratory develops
standard and customised solutions to meet all needs. Whether
digital or analogue, each product is studied to ensure reliability,
resistance over time and a high standard of safety. Sielco
transmitters are distributed throughout the world and serve
many radios in Europe, South America, Africa, Oceania and China.
Desc: The application suffers from improper access control when
editing users. A user with Read permissions can manipulate users,
passwords and permissions by sending a single HTTP POST request
with modified parameters and edit other users' names, passwords
and permissions including admin password.
Tested on: lwIP/2.1.1
Web/3.0.3
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience