WorldCast Systems ECRESO FM/DAB/TV Transmitter Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in WorldCast Systems ECRESO FM/DAB/TV Transmitter version 1.10.1. This issue allows authenticated attackers to escalate privileges by sending a crafted JSON payload through the '/wscom' endpoint. An attacker with guest credentials can intercept the server response and modify it to include administrative rights, bypassing authentication and potentially leading to a complete system compromise.

Impact

Exploiting this vulnerability allows an attacker to gain unauthorized administrative access, with the potential for full control over the affected system.

Reproduction

To reproduce this vulnerability, log in as a guest user and navigate to the '/wscom' endpoint. Intercept the server response and modify the JSON payload to include administrative access rights. Once the modified payload is sent, the guest user will be granted admin privileges.

Remediation

It is recommended to enforce strict server-side validation for privilege changes, use secure tokens or session mechanisms to prevent client-side manipulation, implement HTTPS to secure data in transit, limit guest access to sensitive endpoints, and add logging and monitoring for privilege escalation attempts.