PT-2025-48102 · Db Elettronica Telecomunicazioni Spa · Mozart Fm Transmitter
Abdul Mhanni · Published 2025-11-26 · Updated 2025-12-24
CVE-2025-66250
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000
Description
The software contains an unauthenticated arbitrary file upload issue via the /var/tdf/status contents.php API endpoint. An attacker can exploit this to upload files without authentication. The vulnerable component is status contents.php.
Recommendations
Versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000 should be updated to a fixed version. As a temporary workaround, restrict access to the /var/tdf/status contents.php endpoint.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Mozart Fm Transmitter