Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized Access Vulnerability

A vulnerability allowing unauthorized access has been identified in the Electrolink FM/DAB/TV Transmitter Web Management System. This issue affects the 500W, 1kW, and 2kW Medium DAB Transmitter Web versions 01.09, 01.08, and 01.07, as well as the Display versions 1.4 and 1.2. The vulnerability arises from insecure permissions that allow an attacker to access the /FrameSetCore.html endpoint, leading to unauthorized administrative access and potential complete system compromise.

Impact

Exploitation of this vulnerability allows an unauthenticated attacker to gain unauthorized access to the administrative backend via the /FrameSetCore.html endpoint, compromising system security and potentially leading to a complete system takeover.

Reproduction

/FrameSetCore.html

Remediation

To address this vulnerability, it is recommended to implement access controls that restrict access to sensitive files through authentication mechanisms. Additionally, remove any hard-coded credentials from JavaScript files, avoid storing sensitive information in client-side resources, conduct a thorough security audit to identify similar vulnerabilities, and implement monitoring and alerting for unauthorized access attempts.