The vulnerability we found was a stack-based buffer overflow. This looked like a good candidate to exploit since we assumed most teams would go for the easy wins. This process handles SOAP messages related to management functionality, mostly in the LAN. It didn’t take long before we found an easy to find but difficult to exploit vulnerability in the soap_serverd process running on port 5000. Instead, we decided to dig deeper and uncover more complex and novel vulnerabilities that would provide us with a competitive advantage. However, since the competition reduces points for duplicate issues, we knew that simply reporting these vulnerabilities would not be enough. In fact, right at the beginning of our research, we identified several vulnerabilities that were trivially exploitable. ![]() When conducting research for a Pwn2Own competition, it is not uncommon to discover multiple vulnerabilities in the targeted device or software. Here, we will explore the research we conducted on the Netgear RAX30 router, below, for the Pwn2Own competition. This competition brought together experienced hackers to demonstrate their skills in finding and exploiting vulnerabilities in these devices. To highlight the vulnerabilities of IoT devices and encourage better security practices from manufacturers, the Zero Day Initiative (ZDI) organized a Pwn2Own competition last fall in Toronto that focused on hacking into IoT devices such as printers, network-attached storage (NAS) devices, routers, and smart speakers. The Internet of Things (IoT) has become an increasingly popular target for cyber attacks in recent years because these devices are often poorly secured and can be easily compromised. Team82's proof-of-concept exploit targeting NETGEAR's Nighthawk RAX30 routers. Users are urged to upgrade their RAX30 routers to address these vulnerabilities see NETGEAR’s security advisory for mitigation and remediation information. Team82 developed an exploit chain using all five vulnerabilities to exploit affected versions of the NETGEAR router while bypassing binary protection mechanisms like stack canaries. More information on each vulnerability can be found on Team82’s Disclosure Dashboard: ![]() Successful exploits could allow attackers to monitor users' internet activity, highjack internet connections and redirect traffic to malicious websites or inject malware into network traffic.Īn attacker could also use these vulnerabilities to access and control networked smart devices (security cameras, thermostats, smart locks), change router settings including credentials or DNS settings, or use a compromised network to launch attacks against other devices or networks. NETGEAR has patched all five vulnerabilities uncovered by Team82, three of which were high-severity vulnerabilities that enable pre-authentication remote code execution, command injection, or authentication bypasses. ![]() Pwn2Own Toronto categories included smart small office and home office devices, including routers, network-attached storage, home automation hubs, smart speakers, mobile phones and more. Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |