bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/remote/51684.txt
Exploit-DB e07f33f24d DB: 2023-08-22 
17 changes to exploits/shellcodes/ghdb

EuroTel ETL3100 - Transmitter Authorization Bypass (IDOR)
EuroTel ETL3100 - Transmitter Default Credentials
EuroTel ETL3100 - Transmitter Unauthenticated Config/Log Download

Color Prediction Game v1.0 - SQL Injection

Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)

Dolibarr Version 17.0.1 - Stored XSS

Global - Multi School Management System Express v1.0- SQL Injection

OVOO Movie Portal CMS v3.3.3 - SQL Injection

PHPJabbers Business Directory Script v3.2 - Multiple Vulnerabilities

Taskhub CRM Tool 2.8.6 - SQL Injection

Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions
TSPlus 16.0.0.0 - Remote Work Insecure Credential storage
TSplus 16.0.0.0 - Remote Work Insecure Files and Folders
TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

Linux/x64 - memfd_create ELF loader Shellcode (170 bytes)
2023-08-22 00:16:22 +00:00

43 lines
No EOL
1.7 KiB
Text
Raw Permalink Blame History

#Exploit Title: EuroTel ETL3100 Transmitter Default Credentials
# Exploit Author: LiquidWorm
Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L
Product web page: https://www.eurotel.it | https://www.siel.fm
Affected version: v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)
v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)
Summary: RF Technology For Television Broadcasting Applications.
The Series ETL3100 Radio Transmitter provides all the necessary
features defined by the FM and DAB standards. Two bands are provided
to easily complain with analog and digital DAB standard. The Series
ETL3100 Television Transmitter provides all the necessary features
defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as
well as the analog TV standards. Three band are provided to easily
complain with all standard channels, and switch softly from analog-TV
'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.
Desc: The TV and FM transmitter uses a weak set of default administrative
credentials that can be guessed in remote password attacks and gain full
control of the system.
Tested on: GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)
lighttpd/1.4.26
PHP/5.4.3
Xilinx Virtex Machine
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2023-5782
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5782.php
29.04.2023
--
Using Username "user" and Password "etl3100rt1234" the operator will enter in the WEB interface in a read-only mode.
Using Username "operator" and Password "2euro21234" the operator will be able also to modify some parameters in the WEB pages.
Reference in a new issue View git blame Copy permalink