Sielco Radio Link 2.06 'id' Cookie Brute Force Session Hijacking
Vendor: Sielco S.r.l
Product web page: https://www.sielco.org
Affected version: 2.06 (RTX19)Sielco Radio Link 2.06 'id' Cookie Brute Force Session Hijacking
Vendor: Sielco S.r.l
Product web page: https://www.sielco.org
Affected version: 2.06 (RTX19)
2.05 (RTX19)
2.00 (EXC19)
1.60 (RTX19)
1.59 (RTX19)
1.55 (EXC19)
Summary: Sielco develops and produces radio links for all
transmission and reception needs, thanks to innovative units
and excellent performances, accompanied by a high reliability
and low consumption.
Desc: The Cookie session ID 'id' is of an insufficient length and
can be exploited by brute force, which may allow a remote attacker
to obtain a valid session, bypass authentication and manipulate
the transmitter.
Tested on: lwIP/2.1.1
Web/2.9.3
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2023-5762
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5762.php
26.01.2023
--
# Session values (len=5)
Cookie: id=42331
Cookie: id=28903
Cookie: id=+5581
Cookie: id=+9002
...
...