{"id":31334,"date":"2025-04-25T18:21:38","date_gmt":"2025-04-25T18:21:38","guid":{"rendered":""},"modified":"2025-05-24T17:20:40","modified_gmt":"2025-05-24T17:20:40","slug":"cve-2025-28233-incorrect-access-control-vulnerability-in-bw-broadcast-hardware","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-28233-incorrect-access-control-vulnerability-in-bw-broadcast-hardware\/","title":{"rendered":"<strong>CVE-2025-28233: Incorrect Access Control Vulnerability in BW Broadcast Hardware<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The CVE-2025-28233 vulnerability resides in the incorrect access control mechanism of various BW Broadcast hardware versions. These include the TX600, TX300, TX150, TX1000, TX30, and TX50. The issue revolves around the software&#8217;s ability to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-28229-critical-access-control-vulnerability-in-orban-optimod-5950-firmware-and-system\/\"  data-wpil-monitor-id=\"37217\">control access<\/a> to log files, which can be exploited by attackers to extract session identifiers and execute session hijacking attacks. 
This vulnerability is of paramount importance as it can potentially <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-27286-deserialization-of-untrusted-data-leads-to-object-injection-in-saoshyant-slider\/\"  data-wpil-monitor-id=\"37027\">lead to a total system compromise and data<\/a> leakage, affecting industries and organizations using the affected hardware.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-28233<br \/>\nSeverity: Critical (CVSS 9.1)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: System Compromise, <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-50612-escalation-of-privileges-and-data-leakage-in-fit2cloud-cloud-explorer-lite\/\"  data-wpil-monitor-id=\"41610\">Data Leakage<\/a><\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table>\n<thead>\n<tr><th>Product<\/th><th>Affected Versions<\/th><\/tr>\n<\/thead>\n<tbody>\n<tr><td>BW Broadcast TX600<\/td><td>Hardware v2, Software v1.6.0, Control v1.0, AIO Firmware v1.7<\/td><\/tr>\n<tr><td>BW Broadcast TX300<\/td><td>As above<\/td><\/tr>\n<tr><td>BW Broadcast TX150<\/td><td>As above<\/td><\/tr>\n<tr><td>BW Broadcast TX1000<\/td><td>As above<\/td><\/tr>\n<tr><td>BW Broadcast TX30<\/td><td>As above<\/td><\/tr>\n<tr><td>BW Broadcast TX50<\/td><td>As above<\/td><\/tr>\n<\/tbody>\n<\/table>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit leverages the faulty <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-28230-critical-access-control-vulnerability-in-jmbroadcast-jmb0150-firmware\/\"  data-wpil-monitor-id=\"37670\">access control<\/a> mechanism in the affected software. By <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-43564-improper-access-control-vulnerability-in-coldfusion-leading-to-arbitrary-file-system-read\/\"  data-wpil-monitor-id=\"49368\">accessing the log files<\/a>, an attacker can extract session identifiers.
With these identifiers, they can execute a <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-28238-session-hijacking-vulnerability-in-elber-reble310-firmware\/\"  data-wpil-monitor-id=\"37369\">session hijacking<\/a> attack, impersonating a genuine user. This allows them to bypass security measures and gain <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-30960-unauthorized-access-vulnerability-in-notfound-fs-poster\/\"  data-wpil-monitor-id=\"36352\">unauthorized access<\/a> to sensitive data or systems.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>An <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2021-47663-unauthenticated-remote-attacker-gaining-full-access-due-to-improper-json-web-tokens-implementation\/\"  data-wpil-monitor-id=\"41609\">attacker might use an HTTP request to gain access<\/a> to the log files. Here&#8217;s a conceptual example:<\/p>\n<pre><code>GET \/logfiles\/session_ids HTTP\/1.1\nHost: target.example.com<\/code><\/pre>\n<p>Once they have the session identifiers, they can use another HTTP request to impersonate a genuine user and <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-28242-session-hijacking-vulnerability-in-daenetip4-meto-v1-25\/\"  data-wpil-monitor-id=\"37372\">hijack their session<\/a>:<\/p>\n<pre><code>POST \/session\/login HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/json\n\n{ &quot;session_id&quot;: &quot;extracted_session_id&quot; }<\/code><\/pre>\n<p>Please note that these are simplified, conceptual examples. The actual exploit may involve additional steps or complex payloads.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The CVE-2025-28233 vulnerability resides in the incorrect access control mechanism of various BW Broadcast hardware versions. 
These include the TX600, TX300, TX150, TX1000, TX30, and TX50. The issue revolves around the software&#8217;s ability to control access to log files, which can be exploited by attackers to extract session identifiers and execute session hijacking attacks. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-31334","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/31334","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=31334"}],"version-history":[{"count":8,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/31334\/revisions"}],"predecessor-version":[{"id":44013,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/31334\/revisions\/44013"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=31334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=31334"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=31334"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=31334"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=31334"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=31334"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=31334"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=31334"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=31334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}