Sielco Radio Link 2.06 'id' Cookie Brute Force Session Hijacking  
Vendor: Sielco S.r.l  
Product web page:  
Affected version: 2.06 (RTX19)  
2.05 (RTX19)  
2.00 (EXC19)  
1.60 (RTX19)  
1.59 (RTX19)  
1.55 (EXC19)  
Summary: Sielco develops and produces radio links for all  
transmission and reception needs, thanks to innovative units  
and excellent performances, accompanied by a high reliability  
and low consumption.  
Desc: The Cookie session ID 'id' is of an insufficient length and  
can be exploited by brute force, which may allow a remote attacker  
to obtain a valid session, bypass authentication and manipulate  
the transmitter.  
Tested on: lwIP/2.1.1  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Advisory ID: ZSL-2023-5762  
Advisory URL:  
# Session values (len=5)  
Cookie: id=42331  
Cookie: id=28903  
Cookie: id=+5581  
Cookie: id=+9002