CVE-2025-66255
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:N/SA:N
Summary
Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages.
The firmware upgrade endpoint in upgrade_contents.php accepts arbitrary file uploads without validating file headers, cryptographic signatures, or enforcing .tgz format requirements, allowing malicious firmware injection. This endpoint also subsequently provides ways for arbitrary file uploads and subsequent remote code execution
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 30 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 50 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 100 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 300 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 500 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 1000 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 2000 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 3000 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 3500 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 6000 | affected |
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | 7000 | affected |
Weaknesses
- CWE-345: CWE-345 Unauthenticated Arbitrary File Upload (upgrade_contents.php)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.