Advertisement






EuroTel ETL3100 Transmitter Default Credentials

CVE Category Price Severity
CVE-2021-22851 CWE-287 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2023-08-09
CVSS
CVSS:4.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023080039

Below is a copy:

EuroTel ETL3100 Transmitter Default Credentials
EuroTel ETL3100 Transmitter Default Credentials

Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L
Product web page: https://www.eurotel.it | https://www.siel.fm
Affected version: v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter) 
                  v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)


Summary: RF Technology For Television Broadcasting Applications.
The Series ETL3100 Radio Transmitter provides all the necessary
features defined by the FM and DAB standards. Two bands are provided
to easily complain with analog and digital DAB standard. The Series
ETL3100 Television Transmitter provides all the necessary features
defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as
well as the analog TV standards. Three band are provided to easily
complain with all standard channels, and switch softly from analog-TV
'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.

Desc: The TV and FM transmitter uses a weak set of default administrative
credentials that can be guessed in remote password attacks and gain full
control of the system.

Tested on: GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)
           lighttpd/1.4.26
           PHP/5.4.3
           Xilinx Virtex Machine


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2023-5782
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5782.php


29.04.2023

--


Using Username "user" and Password "etl3100rt1234" the operator will enter in the WEB interface in a read-only mode.
Using Username "operator" and Password "2euro21234" the operator will be able also to modify some parameters in the WEB pages.

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.