Elber Communications Equipment Unauthenticated Configuration and Hidden Functionality Disclosure Vulnerability

A vulnerability exists in multiple Elber communications products, allowing for unauthenticated access to device configuration and the disclosure of client-side hidden functionalities. This issue affects the Signum DVB-S/S2 IRD (versions 1.999 and prior), Cleber/3 Broadcast Multi-Purpose Platform (version 1.0), Reble610 M/ODU XPIC IP-ASI-SDH (version 0.01), ESE DVB-S/S2 Satellite Receiver (versions 1.5.179 and prior), and Wayber Analog/Digital Audio STL (version 4).

Impact

Exploitation of this vulnerability could lead to unauthorized administrative access on the affected device.

Remediation

Elber does not plan to address these vulnerabilities as the equipment is either at or near the end of its life cycle. Users of the affected products are encouraged to contact Elber customer support for more information.