IoT
Pwn2Own TORONTO 2023 (CVE-2024-1179) & TP-Link Omada ER605
1介绍&固件下载漏洞点在client端,而且client端会挂载到546这个端口上,学习后知道client会接收server发送的确认报文所以漏洞点是在处理接收报文时发生的...
Hacking a Tapo TC60 Camera
A little while ago, I spotted a Tapo TC60 “Smart Security Camera” on sale at Amazon UK. After my adventures with a smart lockbox and an old safe lo...
CVE-2024-2856 Tenda AC10栈溢出
CVE-2024-2856 Tenda AC10栈溢出漏洞详情按照漏洞通报找到作者提交的漏洞详情,下载固件:链接可知漏洞点在向/goform/SetSysTimeCfg发送POST数据时:如果参数...
Rooting Xiaomi WiFi Routers
Introduction 介绍 Our research focused on the MI AIoT Router AC2350 with the aim to obtain remote code execution on the LAN and WAN interfaces. We ...
小米WiFi路由器漏洞挖掘-WAN 命令注入、LAN 认证后堆栈缓冲区溢出、LAN 身份验证命令注入、WAN 堆栈缓冲区溢出
我们的研究重点是MI AIoT Router AC2350在 LAN 和 WAN 接口上获得远程代码执行。我们在路由器中发现了多个漏洞,允许攻击者获得路由器的 root 访问权限。我们...
原创 Paper | 探秘 Zyxel 设备:固件提取分析
作者:fan@知道创宇404实验室时间:2024年3月27日1 前言参考资料部门近期应急了一个 Zyxel VPN 未授权 RCE,在尝试进行漏洞复现的过程中,发...
带自组网无人机机载电台实现技术,50KM超远媒体宽带传输系统实现步骤详解
宽带自组网无人机机载电台是一种专门为无人机设计的通信设备,它支持宽带数据传输和自组网功能。这种电台通常采用高性能的调制解调技术、信号处理技术和编码...
BlueSpy – Spying on Bluetooth conversations
BlueSpy is a proof of concept for exploiting vulnerabilities in Bluetooth headsets and eavesdropping on private conversations BlueSpy是利用蓝牙耳机...
PrintListener: remote fingerprint theft
Researchers from the U.S. and China recently published a paper proposing a mindboggling new method of fingerprint theft… 来自美国和中国的研究人员最...
Unsaflok flaw can let hackers unlock millions of hotel doors
Researchers disclosed vulnerabilities today that impact 3 million Saflok electronic RFID locks deployed in 13,000 hotels and homes worldwide, allow...