Overview
CVE-2025-28233 is an incorrect access control vulnerability in several BW Broadcast hardware models: the TX600, TX300, TX150, TX1000, TX30, and TX50. The software does not properly control access to its log files, so attackers can read them, extract session identifiers, and carry out session hijacking attacks. The vulnerability can potentially lead to total system compromise and data leakage, affecting industries and organizations that use the affected hardware.
Vulnerability Summary
CVE ID: CVE-2025-28233
Severity: Critical (CVSS 9.1)
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: System Compromise, Data Leakage
Affected Products
Product | Affected Versions
BW Broadcast TX600 | Hardware v2, Software v1.6.0, Control v1.0, AIO Firmware v1.7
BW Broadcast TX300 | As above
BW Broadcast TX150 | As above
BW Broadcast TX1000 | As above
BW Broadcast TX30 | As above
BW Broadcast TX50 | As above
How the Exploit Works
The exploit leverages the faulty access control mechanism in the affected software. By accessing the log files, an attacker can extract session identifiers. With these identifiers, they can execute a session hijacking attack, impersonating a genuine user. This allows them to bypass security measures and gain unauthorized access to sensitive data or systems.
Conceptual Example Code
An attacker might use an HTTP request to gain access to the log files. Here’s a conceptual example:
GET /logfiles/session_ids HTTP/1.1
Host: target.example.com
Once they have the session identifiers, they can use another HTTP request to impersonate a genuine user and hijack their session:
POST /session/login HTTP/1.1
Host: target.example.com
Content-Type: application/json

{ "session_id": "extracted_session_id" }
Please note that these are simplified, conceptual examples. The actual exploit may involve additional steps or complex payloads.
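On the detection side, the same two-step pattern (a log read without a session, followed by use of a session identifier first seen from a different client) can be searched for in web access logs. The following is an added example, not code from the original advisory or from BW Broadcast: the log line format, the sample entries, and the `analyze` function are constructed for illustration, and the `/logfiles/` prefix is taken from the conceptual request above.

```python
import re

# Constructed sample log. Assumed line format (not the device's real format):
#   <time> <client> <method> <path> <status> sid=<session id or "-">
SAMPLE_LOG = """\
2025-01-10T09:00:01Z 10.0.0.5 POST /session/login 200 sid=a1f3
2025-01-10T09:02:10Z 10.0.0.5 GET /status 200 sid=a1f3
2025-01-10T09:05:44Z 203.0.113.9 GET /logfiles/session_ids 200 sid=-
2025-01-10T09:06:02Z 203.0.113.9 GET /status 200 sid=a1f3
2025-01-10T09:07:30Z 10.0.0.7 GET /logfiles/session_ids 403 sid=-
2025-01-10T09:08:00Z 10.0.0.8 POST /session/login 200 sid=b2e4
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) sid=(\S+)$")
LOG_PREFIX = "/logfiles/"  # from the page's conceptual request; adjust per device


def analyze(log_text, log_prefix=LOG_PREFIX):
    """Return findings as (kind, time, client, detail) tuples, in log order."""
    owner = {}        # session id -> client that first presented it
    log_readers = {}  # client -> time of its first successful session-less log read
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, client, _method, path, status, sid = m.groups()
        # Step 1: log files served successfully to a request carrying no session.
        if path.startswith(log_prefix) and status == "200" and sid == "-":
            log_readers.setdefault(client, ts)
            findings.append(("unauthenticated_log_read", ts, client, path))
        if sid == "-":
            continue
        # Step 2: a session id presented by a client other than its first user.
        first_client = owner.setdefault(sid, client)
        if first_client != client:
            kind = ("session_reuse_after_log_read" if client in log_readers
                    else "session_reuse_new_client")
            findings.append((kind, ts, client, sid))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Client address changes also occur legitimately (NAT, mobile networks), so `session_reuse_new_client` alone is a lead to triage, while `session_reuse_after_log_read` matches the sequence described in this advisory.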