16/12/2021

Rice for Pretzels: Attacking a Cisco VPN Gateway 9000 km Away 🌍

A short teaser showing the exploit we used in Pwn2Own Austin 2021, where we hacked the Cisco RV340 router by exploiting a vulnerability over the Wide Area Network (WAN) interface.

But not all WAN vulnerabilities are equal... and this one is exploitable over the Internet, from Thailand to Munich, over 9000 km away!

The vulnerabilities exploited in this video (CVE-2022-20699 / ZDI-22-414 and frens) were revealed in our talk at OffensiveCon 2022, "Pwn2Own'ing Your Router Over the Internet" (https://www.offensivecon.org/speakers/2022/radek-domanski-and-pedro-ribeiro.html).

For more details (and the exploit!) check our advisory:

https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Austin_2021/flashback_connects/flashback_connects.md

https://github.com/rdomanski/Exploits_and_Advisories/blob/master/advisories/Pwn2Own/Austin2021/flashback_connects/flashback_connects.md

Rooting an Arlo Q Plus Camera (SSH 🔙🚪?!)

You Might Also Like

Related Embedded Video Item Thumbnail Rooting an Arlo Q Plus Camera (SSH 🔙🚪?!)
Related Embedded Video Item Thumbnail DNS Remote Code Execution: Finding the Vulnerability 👾 (Part 1)
Related Embedded Video Item Thumbnail How We Hacked a TP-Link Router and Took Home $55,000 in Pwn2Own
Related Embedded Video Item Thumbnail Extracting Firmware from Embedded Devices (SPI NOR Flash) ⚡
Related Embedded Video Item Thumbnail Hacker's Guide to UART Root Shells