DB Electronica Mozart FM Transmitter Unauthenticated OS Command Injection Vulnerability Allowing Remote Code Execution
Vulnerability
An unauthenticated OS command injection vulnerability has been identified in DB Electronica Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000. The issue arises in the 'restore_settings.php' file, where the user-controlled 'name' parameter is passed through 'urldecode()' and concatenated directly into an 'exec()' call without validation or escaping. Because shell metacharacters in the parameter are interpreted by the shell, an attacker can inject arbitrary commands and achieve remote code execution as the web server user.
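The following is an added illustration, not the vendor's code: a hypothetical reconstruction of the decode-then-exec pattern the advisory describes, beside a hardened handler. The actual command string, backup directory and helper binary are not on the page and are assumed here.

```php
<?php
// Added example (not the vendor's code). Only the injection pattern is taken
// from the advisory: 'name' -> urldecode() -> exec() with no validation.
// The restore helper and backup directory below are assumptions.

// VULNERABLE: the decoded parameter is concatenated into a shell command line.
// Any shell metacharacter in 'name' (; | & ` $ ( ) # ...) is interpreted by
// the shell, so the injected text runs as the web server user.
function restore_vulnerable(string $rawName): string
{
    $name = urldecode($rawName);                       // double decode: PHP already decoded $_GET
    exec('/usr/local/bin/restore_backup ' . $name, $out, $rc);   // hypothetical helper
    return implode("\n", $out);
}

// HARDENED: treat 'name' as a file name, not a command fragment.
function restore_hardened(string $name): string
{
    // 1. Do not urldecode() again: PHP has already decoded $_GET, and a second
    //    pass would let %25-encoded metacharacters bypass checks done before it.
    // 2. Allow-list: letters, digits, dot, dash, underscore; no path separators,
    //    no leading dot (blocks '..' and dotfiles), bounded length.
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]{0,63}\z/', $name)) {
        http_response_code(400);
        return 'invalid backup name';
    }

    // 3. Resolve against the backup directory (assumed) and confirm the
    //    canonical path is still inside it.
    $dir  = '/var/backups/settings';
    $path = realpath($dir . '/' . $name);
    if ($path === false || strpos($path, $dir . '/') !== 0) {
        http_response_code(404);
        return 'backup not found';
    }

    // 4. escapeshellarg() as defence in depth: the value is passed to the
    //    helper as one quoted argument even if the allow-list is relaxed later.
    exec('/usr/local/bin/restore_backup ' . escapeshellarg($path), $out, $rc);
    return $rc === 0 ? implode("\n", $out) : 'restore failed';
}

// Entry point matching the endpoint and parameter named in the advisory.
if (isset($_GET['name']) && is_string($_GET['name'])) {
    echo restore_hardened($_GET['name']);
}
```

For detection, the same allow-list regex applied to the 'name' query parameter in web server access logs flags requests to restore_settings.php that carry shell metacharacters.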
Impact
Exploitation of this vulnerability allows for unauthenticated remote code execution on the server, with the executed commands running as the web server user.
Reproduction
To reproduce this vulnerability, send a GET request to the '/var/tdf/restore_settings.php' endpoint with a 'name' parameter that includes injected commands, such as ');id;#'. The injected command will be executed on the server, demonstrating the command injection vulnerability.
