DB Elettronica Screen SFT DAB Authentication Bypass Vulnerability Allowing Admin Password Change

Vulnerability

An authentication bypass vulnerability has been identified in the DB Elettronica Screen SFT DAB digital audio broadcasting transmitter, specifically in firmware version 1.9.3. It allows an attacker to change the admin password without supplying the current one. Exploitation consists of sending a crafted JSON request, carrying the new password as an MD5 digest, to the userManager.cgx endpoint; the endpoint applies the change to the admin account directly, with no check that the caller is already authenticated as that user.

Impact

Exploitation of this vulnerability allows unauthorized password changes. An attacker who resets the admin password can then log in with it and obtain administrative access to the transmitter's web interface, and the legitimate operator is locked out until the password is reset again.

Reproduction

To reproduce this vulnerability, send an HTTP POST to the userManager.cgx endpoint with a JSON body in which 'username' is set to 'admin' and 'password' is set to the MD5 digest of the desired new password (the endpoint expects the digest, not the cleartext). Include the headers the transmitter's own web interface sends so the request is processed as if it came from the built-in UI. Note that the request sets the new password outright rather than testing for the flaw, so run it only against a device you are authorized to test.

Added: Dec 10, 2025, 9:59 PM
Updated: Dec 10, 2025, 9:59 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.0
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.