Several weeks ago, researchers from Vulnerability-Lab discovered an anomaly on a private broadcast of web radio. Further probe into the matter led them to an undocumented telnet server on the standard port 23 of the web radio during a port scan. It was discovered that the network had allowed port forwarding for all ports, permitting enemies to gain unauthorized access to the radio and the OS afterward.
The glitch (CVE-2019-13473) was discovered in the web radios of Imperial Dabman that are distributed in Germany by Telestar Digital GmbH. The products are offered across Europe through eBay, Amazon resellers. The devices utilize Bluetooth and Web connectivity and are based on BusyBox Debian Linux.
The second vulnerability (CVE-2019-13474) identified in the AirMusic client onboard the gadget permitting unauthenticated command-execution. “Using the mobile application on Apple iOS in combination with the port scan outcome shows that the AirMusic client could also be connecting on port 80 via 8080 httpd to send and receive instructions,” said the researchers.
The researchers further posted a proof-of-concept video showing how the units could be abused.
It’s estimated that more than1 million models of the Imperial Dabman web radio series could be vulnerable. By exploiting this glitch, hackers can perform malicious activities such as blackmailing, shocking, easy net-server defacement
Addressing the issue, Telstar said that it would not be using Telnet going ahead. For existing deployments, it launched manual binary patches that can be downloaded from the Telestar Digital Gmbh website. Additionally, an automated over-the-air update shall be made available through the web radio firmware update function in the local settings.