The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the passwords and networks are different. This allows full compromise of affected devices.
The JWT validation mechanism in the Itel DAB Gateway firmware does not properly verify the token's association with a specific device. A JWT token generated after authentication on one device is accepted by all other devices with the same firmware build (c041640a), regardless of differences in passwords or network configuration. This is a session fixation / improper authentication error (CWE-287, CWE-384) — the device does not bind the session to its source, allowing token reuse (token replay) in an unauthorized context.
The attacker gains full administrative access to the vulnerable device without knowing its password, leading to complete device takeover, breach of confidentiality, integrity and availability of services supported by it.
Apply patches available from the manufacturer according to the references. Until the fix is implemented, it is recommended to restrict network access to device management interfaces only to trusted hosts and implement network segmentation to prevent unauthorized access to administrative panels.
Itel DAB Gateway (IDGat) with firmware build c041640a; products: Itel Idgateway and Itel Idgateway Firmware
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HItel Idgateway
HWItelwszystkie wersjeItel Idgateway Firmware
OSItelwszystkie wersje
Related vulnerabilities
Itel DAB Encoder – Authentication Bypass przez nieprawidłową walidację JWT
Authentication Bypass w Itel DAB MUX — wielourządzeniowe nadużycie tokenów JWT
The ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is vulnerable to session hijacking due to i...