Positron Broadcast Signal Processor TRA7005 1.20 Authentication Bypass

The Positron Broadcast Digital Signal Processor TRA7005 version 1.20 suffers from an authentication bypass through a direct and unauthorized access to the password management functionality. The vulnerability allows attackers to bypass Digest authentication by manipulating the password endpoint _Passwd.html and its payload data to set a user's password to arbitrary value or remove it entirely. This grants unauthorized access to protected areas (/user, /operator, /admin) of the application without requiring valid credentials, compromising the device's system security.

access attackers authentication authentication bypass broadcast bypass data digest digital endpoint html management password password management payload processor signal unauthorized unauthorized access value version version 1 vulnerability