{"id":31334,"date":"2025-04-25T18:21:38","date_gmt":"2025-04-25T18:21:38","guid":{"rendered":""},"modified":"2025-05-24T17:20:40","modified_gmt":"2025-05-24T17:20:40","slug":"cve-2025-28233-incorrect-access-control-vulnerability-in-bw-broadcast-hardware","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-28233-incorrect-access-control-vulnerability-in-bw-broadcast-hardware\/","title":{"rendered":"<strong>CVE-2025-28233: Incorrect Access Control Vulnerability in BW Broadcast Hardware<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>CVE-2025-28233 is an incorrect access control vulnerability in the software of several BW Broadcast hardware models: the TX600, TX300, TX150, TX1000, TX30, and TX50. The software does not restrict access to its log files, and those logs contain session identifiers. An attacker who can read the logs can extract a valid identifier and use it to hijack an authenticated user&#8217;s session. 
Because a hijacked session carries the privileges of the legitimate operator, the impact can extend to full compromise of the device and disclosure of its data, with no credentials and no user interaction required, for every organization running the affected hardware.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-28233<br \/>\nSeverity: Critical (CVSS 9.1)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: System Compromise, Data Leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table>\n<thead>\n<tr><th>Product<\/th><th>Affected Versions<\/th><\/tr>\n<\/thead>\n<tbody>\n<tr><td>BW Broadcast TX600<\/td><td>Hardware v2, Software v1.6.0, Control v1.0, AIO Firmware v1.7<\/td><\/tr>\n<tr><td>BW Broadcast TX300<\/td><td>Hardware v2, Software v1.6.0, Control v1.0, AIO Firmware v1.7<\/td><\/tr>\n<tr><td>BW Broadcast TX150<\/td><td>Hardware v2, Software v1.6.0, Control v1.0, AIO Firmware v1.7<\/td><\/tr>\n<tr><td>BW Broadcast TX1000<\/td><td>Hardware v2, Software v1.6.0, Control v1.0, AIO Firmware v1.7<\/td><\/tr>\n<tr><td>BW Broadcast TX30<\/td><td>Hardware v2, Software v1.6.0, Control v1.0, AIO Firmware v1.7<\/td><\/tr>\n<tr><td>BW Broadcast TX50<\/td><td>Hardware v2, Software v1.6.0, Control v1.0, AIO Firmware v1.7<\/td><\/tr>\n<\/tbody>\n<\/table>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit leverages the missing access check on the log files in the affected software. 
The attacker first reads the log files, which the software serves without an access check, and extracts the session identifiers recorded in them. They then present one of those identifiers to the device as their own, and every subsequent request is handled as if it came from the authenticated user who owns that session. Nothing is guessed or forged; a valid identifier is simply reused, which is why no credentials are needed and why the attack does not show up as a failed login.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>An attacker might use a plain HTTP request to read the log files. The paths, parameter names and cookie names below are placeholders:<\/p>\n<pre><code class=\"\" data-line=\"\">GET \/logfiles\/session_ids HTTP\/1.1\nHost: target.example.com<\/code><\/pre>\n<p>Once they have a session identifier, the attacker replays it wherever the device expects its own session token, usually the session cookie, and is treated as the user who owns that session. No login request is involved, because the session already exists on the server:<\/p>\n<pre><code class=\"\" data-line=\"\">GET \/admin HTTP\/1.1\nHost: target.example.com\nCookie: session_id=extracted_session_id<\/code><\/pre>\n<p>These are simplified, conceptual examples. 
The actual exploit may involve additional steps or complex payloads.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The CVE-2025-28233 vulnerability resides in the incorrect access control mechanism of various BW Broadcast hardware versions. These include the TX600, TX300, TX150, TX1000, TX30, and TX50. The issue revolves around the software&#8217;s ability to control access to log files, which can be exploited by attackers to extract session identifiers and execute session hijacking attacks. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-31334","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/31334","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=31334"}],"version-history":[{"count":8,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/31334\/revisions"}],"predecessor-version":[{"id":44013,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/31334\/revisions\/44013"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=31334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=31334"},{"taxonomy":"post_tag","embeddable":true,"href
":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=31334"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=31334"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=31334"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=31334"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=31334"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=31334"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=31334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
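The two-step chain described under "How the Exploit Works" (a readable log that contains session identifiers, followed by replay of one of them), as an added Python example. This is not code from the original post and not BW Broadcast's software; the log lines, token values and cookie or parameter names (PHPSESSID, sid and the others in the pattern) are constructed assumptions. `harvest_session_ids` shows what an exposed log hands an attacker, and `SessionRedactor` shows one hardening, a logging filter that strips the identifier before the record is written, so that even a log that is still world-readable no longer yields a replayable token.

```python
"""Added example for CVE-2025-28233 (not the original post's code and not
BW Broadcast's code): what an attacker harvests from an exposed log, and a
logging filter that keeps session identifiers out of the log in the first
place.  Every log line and token here is constructed for the example."""
import logging
import re
from io import StringIO

# Where a session identifier typically appears in a logged request: a cookie,
# a query parameter or a form field.  The parameter names are assumptions for
# the example; the affected devices' real names are not documented here.
SESSION_TOKEN = re.compile(
    r"(?i)\b(PHPSESSID|JSESSIONID|session_id|sessionid|sid)=([A-Za-z0-9_-]{16,})"
)

# Constructed sample of an access log written with request headers verbatim.
SAMPLE_LINES = [
    "GET /status HTTP/1.1 from 10.0.0.5 Cookie: PHPSESSID=4f9d2c7e1ab3e8f0c6d1a2b3c4d5e6f7",
    "GET /config HTTP/1.1 from 10.0.0.7 Cookie: PHPSESSID=9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d",
    "POST /login?sid=deadbeefcafebabe0011223344556677 from 10.0.0.9",
    "transmitter output at 91% of nominal",
]


def harvest_session_ids(log_text: str) -> list[str]:
    """Attacker's view: every distinct session identifier in a readable log.

    Each value returned is ready to be replayed in a Cookie header, which is
    the whole of the session-hijacking step."""
    found: list[str] = []
    for match in SESSION_TOKEN.finditer(log_text):
        token = match.group(2)
        if token not in found:
            found.append(token)
    return found


def redact(text: str) -> str:
    """Keep the parameter name (still useful when debugging) but drop the secret."""
    return SESSION_TOKEN.sub(lambda m: f"{m.group(1)}=<redacted>", text)


class SessionRedactor(logging.Filter):
    """Scrubs session identifiers from a record before any handler writes it.

    Attached to the handler rather than the logger so it also covers records
    propagated from child loggers."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()  # already interpolated by getMessage() above
        return True


def write_log(lines: list[str], redacting: bool) -> str:
    """Run the sample lines through a logger and return what would hit disk."""
    buffer = StringIO()
    handler = logging.StreamHandler(buffer)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    if redacting:
        handler.addFilter(SessionRedactor())
    logger = logging.getLogger(f"cve-2025-28233-example-{redacting}")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.addHandler(handler)
    for line in lines:
        logger.info(line)
    handler.flush()
    return buffer.getvalue()


if __name__ == "__main__":
    exposed = write_log(SAMPLE_LINES, redacting=False)
    print("unprotected log yields:", harvest_session_ids(exposed))
    hardened = write_log(SAMPLE_LINES, redacting=True)
    print("redacted log yields:", harvest_session_ids(hardened))
    print(hardened)
```

Run it directly to see the two logs side by side. The filter closes only the disclosure half of the chain; the access-control half still requires the log endpoint to demand authentication, and any sessions that were live while the logs were readable should be invalidated, since their identifiers may already have been copied.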