![]() ![]() Team Viettel was able to execute a Command Injection, Root Shell attack against the LAN interface of the TP-Link AX1800 router.Bugscale was able to successful launch an attack against the Synology router and HP Printer.The exploits they used were previously used in the competition. PHPHooligans executed two exploits against the WAN interface of the NETGEAR RAX30 AX2400.Tri Dang from Qrious Secure exploited the LAN interface of the NETGEAR RAX30 AX2400 using a bug that had been seen earlier in the contest. ![]() ![]() However, the exploit they used was seen earlier in the competition. NCC Group EDG was able to execute a command injection attack against the LAN interface of the Synology RT6600ax.Neodyme executed an attack using three bugs against a NETGEAR router and an HP printer.Claroty Research was able to execute five different bugs in an attack against the LAN interface of the NETGEAR RAX30 AX2400 router.DEVCORE became the first team to successfully execute two different Stack-based buffer overflow attacks against a Mikrotik RB2011 router and a Canon printer in the SOHO SMASHUP category.Interrupt Labs was able to execute two bugs (SQL injection and command injection) against the LAN interface of the NETGEAR RAX30 AX2400.Computest was able to execute a command injection root shell attack against the LAN interface of the Synology RT6600ax.Gaurav Baruah was able to execute a command injection attack against the WAN interface of the Synology RT6600ax.Tri Dang and Bien Pham from Qrious Secure were able to execute a two bug (authentication bypass and command injection) attack against the WAN interface of the TP-Link AX1800.To me, the take-away from this is to avoid consumer routers. All the routers were running the latest firmware. The contest involved hacking multiple types of devices, only the router exploits are shown below. One highlight is that Synology seems to have gotten the worst of it, the RT6600ax was hacked by Multiple consumer routers were hacked by many different groups. Many routers hacked at the PWN2OWN contest Articles that offer security advice are listed on the Other router security advice page. The flaws that are exploited are documented on the Bugs page. I am still waiting for a good news story about routers. Routers in the news, pretty much means routers getting exploited by bad guys to do bad things. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |