Title: Screen SFT DAB 600/C Unauthenticated Information Disclosure (userManager.cgx)
Advisory ID: ZSL-2023-5776
Impact: Spoofing, Exposure of System Information, Exposure of Sensitive Information
Release Date: 13.05.2023
Screen's new radio DAB Transmitter is reaching the highest technology level in both Digital Signal Processing and RF domain. SFT DAB Series – Compact Radio DAB Transmitter – Air. Thanks to the digital adaptive precorrection and configuration flexibility, the Hot Swap System technology, the compactness and the smart system design, the SFT DAB are advanced transmitters. They support standards DAB, DAB+ and T-DMB and are compatible with major headend brands.
Screen is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information, including usernames and source IP addresses.
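Since the vendor did not respond, log review is one way to spot exposure of this endpoint. The following is an added detection sketch, not part of the original advisory or vendor code. It assumes a reverse proxy in front of the transmitter writes combined-format access logs; the management network, the sample lines and the `/placeholder/` directory are constructed, and only the script name `userManager.cgx` comes from the advisory.

```python
import ipaddress
import re

# Assumption: a reverse proxy in front of the transmitter writes combined-format
# access logs; the advisory does not describe the device's own logging.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # hypothetical admin VLAN

# Constructed sample lines; "/placeholder/" stands in for the real directory.
SAMPLE_LOG = [
    '10.20.0.15 - - [13/May/2023:09:00:01 +0000] "GET /index.htm HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.20.0.15 - - [13/May/2023:09:00:09 +0000] "GET /placeholder/userManager.cgx HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.77 - - [13/May/2023:09:14:30 +0000] "GET /placeholder/userManager.cgx HTTP/1.1" 200 812 "-" "curl/8.0.1"',
    '198.51.100.4 - - [13/May/2023:09:20:02 +0000] "GET /placeholder/userManager.cgx HTTP/1.1" 403 0 "-" "curl/8.0.1"',
    '10.20.0.99 - - [13/May/2023:09:31:45 +0000] "GET /placeholder/UserManager.cgx?x=1 HTTP/1.1" 200 812 "-" "python-requests/2.31"',
]

def flag_usermanager_hits(lines, mgmt_nets=MGMT_NETS):
    """Return (timestamp, source, reasons) for 2xx hits on userManager.cgx."""
    seen_sources = set()
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # hostname or malformed source field
        first_request = src not in seen_sources
        seen_sources.add(src)
        # Match the script name only, ignoring query string and letter case.
        script = m["target"].split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if script != "usermanager.cgx" or not m["status"].startswith("2"):
            continue  # only successful responses can have returned user data
        reasons = []
        if not any(src in net for net in mgmt_nets):
            reasons.append("outside-mgmt-net")
        if first_request:
            # Heuristic: no earlier page load from this source in the log window.
            reasons.append("no-prior-session-traffic")
        if reasons:
            findings.append((m["ts"], str(src), reasons))
    return findings

if __name__ == "__main__":
    for finding in flag_usermanager_hits(SAMPLE_LOG):
        print(finding)
```

The stronger mitigation is to keep the web interface reachable only from the management network, so the first reason never fires in practice.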
DB Elettronica Telecomunicazioni SpA – https://www.screen.it | https://www.dbbroadcast.com
Bios firmware: 7.1 (Apr 19 2021)
MontaVista® Linux® Carrier Grade eXpress (CGX)
[19.03.2023] Vulnerability discovered.
[20.03.2023] Vendor contacted.
[12.05.2023] No response from the vendor.
[13.05.2023] Public security advisory released.
Vulnerability discovered by Gjoko Krstic – <email@example.com>
[13.05.2023] – Initial release
Zero Science Lab