dbbroadcast mozart_dds_next_2000_firmware CVE Vulnerabilities (17)

CVEs: 17 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting dbbroadcast mozart_dds_next_2000_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 117 of 17 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-66263 Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in download_setting.php allows reading arbitrary files. The `/var/tdf/download_setting.php` endpoint constructs file paths by concatenating user-controlled `$_GET['filename']` with a forced `.tgz` extension. Running on PHP 5.3.2 (pre-5.3.4), the application b7efe717-a805-47cf-8e9a-921fca0ce0ce 8.9 0.35% 2025-11-25 2026-06-17
CVE-2025-66262 Arbitrary File Overwrite via Tar Extraction Path Traversal in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Tar extraction with -C / allow arbitrary file overwrite via crafted archive. The `restore_mozzi_memories.sh` script extracts user-controlled tar archives with `-C /` flag, depositing contents to the filesystem root without path validation. When combined with the unauthenticated b7efe717-a805-47cf-8e9a-921fca0ce0ce 9.3 1.27% 2025-11-25 2026-06-17
CVE-2025-66261 Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed to exec() allows remote code execution. The `/var/tdf/restore_settings.php` endpoint passes user-controlled `$_GET["name"]` parameter through `urldecode()` directly into `exec()` without validation or escaping. Attackers can inject arbitrary sh b7efe717-a805-47cf-8e9a-921fca0ce0ce 9.9 2.09% 2025-11-25 2026-06-17
CVE-2025-66260 PostgreSQL SQL Injection (status_sql.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in status_sql.php. The `status_sql.php` endpoint constructs SQL UPDATE queries by directly concatenating user-controlled `sw1` and `sw2` parameters without using parameterized queries or `pg_escape_string()`. While PostgreSQL's `pg_exec` limitations preve b7efe717-a805-47cf-8e9a-921fca0ce0ce 7.2 0.26% 2025-11-25 2026-06-17
CVE-2025-66259 Authenticated Root Remote Code Execution via improrer user input filtering in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform in main_ok.php user supplied data/hour/time is passed directly into date shell command b7efe717-a805-47cf-8e9a-921fca0ce0ce 9.3 0.56% 2025-11-25 2026-06-17
CVE-2025-66258 Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames are directly concatenated into `patchlist.xml` without encoding, allowing injection of malicious JavaScript payloads via crafted filenames (e.g., `<img src=x onerror=alert()>.bin`). The XSS executes when b7efe717-a805-47cf-8e9a-921fca0ce0ce 7.1 0.16% 2025-11-25 2026-06-17
CVE-2025-66257 Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch parameter allows unauthenticated deletion of arbitrary files. The `deletepatch` parameter in `patch_contents.php` allows unauthenticated deletion of arbitrary files in `/var/www/patch/` directory without sanitization or access control checks. b7efe717-a805-47cf-8e9a-921fca0ce0ce 9.2 0.32% 2025-11-25 2026-06-17
CVE-2025-66256 Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Unrestricted file upload in patch_contents.php allows uploading malicious files. The `/var/tdf/patch_contents.php` endpoint allows unauthenticated arbitrary file uploads without file type validation, MIME checking, or size restrictions beyond 16MB, enabling attackers to upload b7efe717-a805-47cf-8e9a-921fca0ce0ce 9.9 0.37% 2025-11-25 2026-06-17
CVE-2025-66255 Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages.  The firmware upgrade endpoint in `upgrade_contents.php` accepts arbitrary file uploads without validating file headers, cryptographic signatures, or enforcing .tgz format requirements, allowing malicio b7efe717-a805-47cf-8e9a-921fca0ce0ce 9.9 0.32% 2025-11-25 2026-06-17
CVE-2025-66254 Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary files.  The `deleteupgrade` parameter in `/var/www/upgrade_contents.php` allows unauthenticated deletion of arbitrary files in `/var/www/upload/` without any extension restriction or path sanitization, b7efe717-a805-47cf-8e9a-921fca0ce0ce 7.8 0.33% 2025-11-25 2026-06-17
CVE-2025-66253 Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec() allows remote code execution via start_upgrade.php. The `/var/tdf/start_upgrade.php` endpoint passes user-controlled `$_GET["filename"]` directly into `exec()` without sanitization or shell escaping. Attackers can inject arbitrary shell command b7efe717-a805-47cf-8e9a-921fca0ce0ce 9.9 2.09% 2025-11-25 2026-06-17
CVE-2025-66252 Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink() fails in status_contents.php causing DoS. Due to the fact that the unlink operation is done in a while loop; if an immutable file is specified or otherwise a file in which the process has no permissions to delete; it would repeatedly attempt to do in a b7efe717-a805-47cf-8e9a-921fca0ce0ce 8.4 0.31% 2025-11-25 2026-06-17
CVE-2025-66251 Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletehidden parameter allows path traversal deletion of arbitrary .tgz files. b7efe717-a805-47cf-8e9a-921fca0ce0ce 7.7 0.41% 2025-11-25 2026-06-17
CVE-2025-66250 Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Allows unauthenticated arbitrary file upload via /var/tdf/status_contents.php. b7efe717-a805-47cf-8e9a-921fca0ce0ce 9.2 0.38% 2025-11-25 2026-06-17
CVE-2025-63229 The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains a reflected Cross-Site Scripting (XSS) vulnerability in the /main0.php endpoint. By injecting a malicious JavaScript payload into the ?m= query parameter, an attacker can execute arbitrary code in the victim's browser, potentially stealing sensitive information, hijacking sessions, or performing unauthorized actions. [email protected] 5.4 0.27% 2025-11-18 2026-06-17
CVE-2025-63228 The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploaded file is stored in the /upload/ directory, enabling remote code execution and full system compromise. [email protected] 9.8 0.67% 2025-11-18 2026-06-17
CVE-2025-63227 The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary files (e.g., PHP webshells), which are stored in the /patch/ directory. This allows the attacker to execute arbitrary commands on the server, potentially leading to full system compromise. [email protected] 7.2 0.56% 2025-11-18 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence