Title: R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Advisory ID: ZSL-2023-5802 Type: Local/Remote Impact: Exposure of Sensitive Information, Security Bypass Risk: 5/5 Release Date: 03.12.2023 Summary: R Radio FM Transmitter includes FM Exciter and FM Amplifier parameter setup. The vulnerability resides in improper access control exposing the admin user password in cleartext via the system.cgi endpoint. Vendor: - R Radio Network - http://www.pktc.ac.th Affected Version: 1.07 Tested On: CSBtechDevice Vendor Status: - 09.10.2023: Vulnerability discovered. - 10.10.2023: Vendor contacted. - 11.10.2023: Vendor responds, asks for details. - 11.10.2023: Details sent to vendor. - 14.10.2023: Vendor confirms issue, working on a patch. - 29.10.2023: Version 1.09 released to fix. - 03.12.2023: Coordinated public security advisory released. Proof of Concept (PoC): - r_transmitter_pwd.txt Credits: - Discovery by Gjoko Krstic - gjoko@zeroscience.mk References: - [1] https://packetstormsecurity.com/files/176044/ - [2] https://exchange.xforce.ibmcloud.com/vulnerabilities/275361 - [3] https://www.exploit-db.com/exploits/51855 Changelog: - [03.12.2023] - Initial release - [20.12.2023] - Added reference [1] - [01.02.2024] - Added reference [2] - [03.03.2024] - Added reference [3] Contact: - Web: https://www.zeroscience.mk - Email: lab@zeroscience.mk