Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass
Posted by deepcore on April 13, 2023 – 2:56 pm
Sielco PolyEco Digital FM Transmitter version 2.0.6 suffers from authentication bypass, account takeover / lockout, and privilege escalation vulnerabilities. These can be triggered by directly calling the user object and modifying the password of the two constant users/roles (user/admin). An unauthenticated adversary can exploit this by issuing a single POST request to the vulnerable endpoint, gaining unauthorized access to the affected device with administrative privileges.