<html><body><p>Sielco Radio Link 2.06 'id' Cookie Brute Force Session Hijacking

Vendor: Sielco S.r.l
Product web page:
Affected version: 2.06 (RTX19)
                  2.05 (RTX19)
                  2.00 (EXC19)
                  1.60 (RTX19)
                  1.59 (RTX19)
                  1.55 (EXC19)

Summary: Sielco develops and produces radio links for all
transmission and reception needs, thanks to innovative units
and excellent performances, accompanied by a high reliability
and low consumption.

Desc: The Cookie session ID 'id' is of an insufficient length and
can be exploited by brute force, which may allow a remote attacker
to obtain a valid session, bypass authentication and manipulate
the transmitter.

Tested on: lwIP/2.1.1

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

Advisory ID: ZSL-2023-5762
Advisory URL:



# Session values (len=5)

Cookie: id=42331
Cookie: id=28903
Cookie: id=+5581
Cookie: id=+9002