exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Internet Radio auna IR-160 SE UIProto DoS / XSS / Missing Authentication

Internet Radio auna IR-160 SE UIProto DoS / XSS / Missing Authentication
Posted Sep 5, 2023
Authored by naphthalin

Internet Radio auna IR-160 SE using the UIProto firmware suffers from missing authentication, cross site scripting, and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability, xss
advisories | CVE-2019-13473, CVE-2019-13474
SHA-256 | 75927f8cda3aa62c2631047112be3c976a92c9538bc1d406f2f782ebbafa69c6

Internet Radio auna IR-160 SE UIProto DoS / XSS / Missing Authentication

Change Mirror Download
The internet radio device auna IR-160 SE has multiple vulnerabilities. 
It uses the firmware UIProto, different versions of which can also be
found in many other radios.

1. The firmware offers a rudimentary web API that can be reached on the
local network on port 80. This API is completely unauthenticated,
allowing anyone to control the radio over the local network. (already
known as CVE-2019-13474, but relevant for the other two findings) [1]
[2] [3]

2. The web UI does not encode user input, resulting in a XSS
vulnerability, e.g. when changing the device name as follows:
http://192.168.178.93/set_dname?name=><script>alert(1)</script>

3. The firmware crashes when sending a device name longer than 84
characters. Some parts of the firmware will recover afterwards and music
will play again after a few seconds, but the service on port 80 remains
borked until the radio is reset using the switch on the back. This may
or may not be a memory corruption vulnerability. I don't feel like
analyzing this any further, but it certainly looks kinda fucked.
.../set_dname?name=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

For other vulnerabilities in UIProto see CVE-2019-13473 and
CVE-2019-13474 discovered by Benjamin K.M. These reports also mention
other devices that are possibly affected by this as well.

Also, if anyone knows how to re-enable telnetd on the patched version of
UIProto, please let me know!

Love,
naphthalin

[1] https://github.com/kayrus/iradio
[2] https://sites.google.com/site/tweakradje/devices/abeo-internet-radio
[3]
https://www.vulnerability-db.com/?q=articles/2019/09/09/imperial-dabman-internet-radio-undocumented-telnetd-code-execution

Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close