> For the complete documentation index, see [llms.txt](https://strik3r.gitbook.io/strik3r-blog/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://strik3r.gitbook.io/strik3r-blog/security-research/cves-pocs/cve-2023-37835.md).

# CVE-2023-37835

### <mark style="color:yellow;">**Description**</mark>&#x20;

An Insecure Direct Object Reference (IDOR) in Elenos ETG150 FMtransmitter v3.12 allows attackers to bypass authorization and access resources in the system directly.

**Discoverer: Eslam Kamal (Strik3r)**

**Vendor of Product: Elenos**

**Affected Product: Elenos ETG150 FM transmitter - 3.12**

### <mark style="color:yellow;">Details</mark>

Find full details here:

### [<mark style="color:yellow;">POC</mark>](https://github.com/strik3r0x1/Vulns/blob/main/\(IDOR\)%20leads%20to%20events%20profiles%20access%20-%20Elenos.md)
