Orban OPTIMOD 5950 Access Control Vulnerability Allowing Authentication Bypass and Privilege Escalation

A broken access control vulnerability has been identified in the Orban OPTIMOD 5950, specifically in Firmware Version 1.0.0.2 and System Version 2.2.15. This vulnerability allows attackers to bypass authentication and gain administrative privileges through improper access control in the web interface login page. By executing specific JavaScript commands in the browser's developer console, an unauthenticated attacker can manipulate client-side authentication checks, effectively gaining full control over the device.

Impact

Exploitation of this vulnerability allows for unauthorized access with full administrative rights, enabling attackers to manipulate the device's settings and configurations. This could lead to unauthorized changes in audio processing, disruption of broadcast operations, or even a complete denial of service by disabling transmission or altering frequency settings.

Reproduction

To reproduce this vulnerability, open the login page of the Orban OPTIMOD 5950 in a web browser. Press F12 to access the Developer Tools and navigate to the Console tab. Execute JavaScript commands to disable the login overlay and authentication checks. Once these commands are executed, the login page will disappear, and administrative access will be granted.

Remediation

Administrators are advised to move authentication checks to the server side, remove exposed JavaScript functions from the client-side console, and implement secure authentication mechanisms. Until a patch is available, it is recommended to disable external access to the web interface, monitor logs for unauthorized activities, and use Web Application Firewall rules to block unauthorized requests.