Leaked .git folder leads to RCE
Today I wanted to share my first big success story from my bug bounty attempts. Although the issue has been fixed, the report has not been officially disclosed yet. Therefore, the target today will be everyone’s favorite “redacted.com”. While my methodology for approaching a new target seemingly evolves every time I go through it, one…
More Information Disclosure in Wavlink Devices: CVE-2020-10973, CVE-2020-10974, and CVE-2020-12266
After my previous adventures with a Wavlink router led to Remote Code Execution, I decided to pivot my focus. I started by looking at what else was exposed on the router, and then purchased two other Wavlink devices to see if they had the same issues. I got two Wi-Fi extenders, the WL-WN579G3 and the…
Multiple Vulnerabilities in Wavlink Router leads to Unauthenticated RCE – CVE-2020-10971 and CVE-2020-10972
With everyday household items becoming “smart” and connected to the internet, I was interested in seeing how much effort companies were putting into security. I decided it would be a great hobby to buy cheap Chinese technology off of Amazon and see what I could find out. After searching for routers, I found one from…