Executive Summary

This vulnerability in R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint. This access enables attackers to bypass authentication and gain control over FM station setup functions.

Useful 0 Not Useful 0

Impact Analysis

The vulnerability can lead to unauthorized control of the FM transmitter's administrative functions, potentially allowing attackers to manipulate FM station settings, disrupt service, or compromise the device's operation.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by sending an unauthenticated HTTP request to the system.cgi endpoint of the R Radio Network FM Transmitter version 1.07. For example, using a command like `curl http://<target-ip>/system.cgi` can reveal an HTML page containing the admin user's clear-text password in a password input field if the device is vulnerable. [2]

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade the R Radio Network FM Transmitter from version 1.07 to version 1.09, which the vendor released to address this vulnerability. Until the upgrade can be applied, restrict network access to the device's system.cgi endpoint to trusted users only, and monitor for any unauthorized access attempts. [1]

Useful 0 Not Useful 0