Share
## https://sploitus.com/exploit?id=PACKETSTORM:174094
EuroTel ETL3100 Transmitter Default Credentials  
  
Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L  
Product web page: https://www.eurotel.it | https://www.siel.fm  
Affected version: v01c01 (Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter)   
v01x37 (Microprocessor: socs0t08/socs0s08, Model: ETL3100RT Exciter)  
  
  
Summary: RF Technology For Television Broadcasting Applications.  
The Series ETL3100 Radio Transmitter provides all the necessary  
features defined by the FM and DAB standards. Two bands are provided  
to easily complain with analog and digital DAB standard. The Series  
ETL3100 Television Transmitter provides all the necessary features  
defined by the DVB-T, DVB-H, DVB-T2, ATSC and ISDB-T standards, as  
well as the analog TV standards. Three band are provided to easily  
complain with all standard channels, and switch softly from analog-TV  
'world' to DVB-T/H, DVB-T2, ATSC or ISDB-T transmission.  
  
Desc: The TV and FM transmitter uses a weak set of default administrative  
credentials that can be guessed in remote password attacks and gain full  
control of the system.  
  
Tested on: GNU/Linux Ubuntu 3.0.0+ (GCC 4.3.3)  
lighttpd/1.4.26  
PHP/5.4.3  
Xilinx Virtex Machine  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2023-5782  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5782.php  
  
  
29.04.2023  
  
--  
  
  
Using Username "user" and Password "etl3100rt1234" the operator will enter in the WEB interface in a read-only mode.  
Using Username "operator" and Password "2euro21234" the operator will be able also to modify some parameters in the WEB pages.