16/12/2021

Rice for Pretzels: Attacking a Cisco VPN Gateway 9000 km Away 🌍

A short teaser showing the exploit we used in Pwn2Own Austin 2021, where we hacked the Cisco RV340 router by exploiting a vulnerability over the Wide Area Network (WAN) interface.

But not all WAN vulnerabilities are equal... and this one is exploitable over the Internet, from Thailand to Munich, over 9000 km away!

The vulnerabilities exploited in this video (CVE-2022-20699 / ZDI-22-414 and frens) were revealed in our talk at OffensiveCon 2022, "Pwn2Own'ing Your Router Over the Internet" (https://www.offensivecon.org/speakers/2022/radek-domanski-and-pedro-ribeiro.html).

For more details (and the exploit!) check our advisory:

https://github.com/pedrib/PoC/blob/master/advisories/Pwn2Own/Austin_2021/flashback_connects/flashback_connects.md

https://github.com/rdomanski/Exploits_and_Advisories/blob/master/advisories/Pwn2Own/Austin2021/flashback_connects/flashback_connects.md

Previous

Rooting an Arlo Q Plus Camera (SSH πŸ”™πŸšͺ?!)