DB Electronica Mozart FM Transmitter Authenticated Root Remote Code Execution Vulnerability

Vulnerability

A vulnerability allowing authenticated root remote code execution has been identified in DB Electronica Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000. The issue arises from improper user input filtering in the web management interface, specifically in the 'main_ok.php' file. The vulnerability allows an attacker to execute arbitrary commands on the server by injecting payloads through user-supplied data, which is then passed directly to the 'date' command in the shell.

Impact

Exploitation of this vulnerability leads to unauthorized execution of commands with root privileges on the affected system.

Reproduction

The vulnerability can be reproduced by sending a POST request to 'main_ok.php' with the 'rr' parameter set to 'TIME' and the 'year', 'month', 'day', 'hour', 'minute', and 'second' parameters appropriately formatted. The injected command is executed via 'shell_exec()', allowing for command injection by breaking out of the intended command structure.
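The following Python check is an added example, not code from the vendor or from this advisory. It shows how a reverse proxy or log pipeline placed in front of the web interface could allowlist the time-setting request so that only ASCII digits ever reach 'main_ok.php'. The function name, the numeric ranges, and the assumption that the body is form-encoded are illustrative choices; only the parameter names and the 'TIME' value come from the text above.

```python
import re
from datetime import datetime
from urllib.parse import parse_qs

# Field ranges are assumptions for illustration; the advisory only names the parameters.
FIELDS = {"year": (1970, 2099), "month": (1, 12), "day": (1, 31),
          "hour": (0, 23), "minute": (0, 59), "second": (0, 59)}
DIGITS = re.compile(r"[0-9]{1,4}")  # ASCII digits only; \d would also accept Unicode digits


def check_time_request(body: str) -> list[str]:
    """Return a list of violations for a form-encoded POST body sent to main_ok.php.

    An empty list means the body is either a well-formed rr=TIME request
    or not a time-setting request at all.
    """
    params = parse_qs(body, keep_blank_values=True)
    if "TIME" not in params.get("rr", []):
        return []  # not the time-setting action; out of scope for this check
    problems, values = [], {}
    for name, (low, high) in FIELDS.items():
        supplied = params.get(name, [])
        if len(supplied) != 1:  # missing or repeated parameter
            problems.append(f"{name}: expected exactly one value, got {len(supplied)}")
        elif not DIGITS.fullmatch(supplied[0]):
            problems.append(f"{name}: non-digit content")
        elif not low <= int(supplied[0]) <= high:
            problems.append(f"{name}: out of range")
        else:
            values[name] = int(supplied[0])
    if not problems:
        try:
            datetime(*(values[n] for n in FIELDS))  # rejects e.g. 31 February
        except ValueError:
            problems.append("date: not a valid calendar date")
    return problems


# Constructed sample bodies, not captured traffic.
SAMPLES = {
    "benign": "rr=TIME&year=2025&month=11&day=26&hour=01&minute=20&second=00",
    "non_digit": "rr=TIME&year=2025&month=11&day=26&hour=01&minute=20&second=00+x",
    "duplicate": "rr=TIME&year=2025&year=2024&month=11&day=26&hour=01&minute=20&second=00",
    "bad_date": "rr=TIME&year=2025&month=02&day=31&hour=01&minute=20&second=00",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, check_time_request(body))
```

Any non-empty result is grounds to block the request or raise an alert, since a legitimate time update never needs anything other than digits in these six fields.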

Added: Nov 26, 2025, 1:20 AM
Updated: Nov 26, 2025, 1:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.6
remediation: 0.0
relevance: 1.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.