sergioprado.blog
www.sixfoisneuf.fr
axelp.io
[AI summary] The provided text details a reverse-engineering and security analysis of a projector's firmware, leading to the discovery of a potential remote code execution (RCE) vulnerability. The author explored the firmware's CGI scripts and libraries, identified a command injection vulnerability in the `connect_network` function, and found that it could be exploited by sending a crafted HTTP request. However, the author's findings could not be validated due to the product being end-of-life (EOL), and the vulnerability may not be exploitable on newer devices due to hardware differences.
reverse.put.as
Note: the original post was written in 2017 when there weren't many posts discussing direct attacks to firmware flash. It also took a while to get in touch with the ISP to give them a chance to fix some of the issues described (in particular the ACS access) and then it was left in draft mode until today. I just made a quick revision and fixed quite a few dead links.
gist.github.com
GitHub Gist: instantly share code, notes, and snippets.