Hack2Win

SSD Advisory – iOS powerd Uninitialized Mach Message Reply to Sandbox Escape and Privilege Escalation

(This advisory follows up on a vulnerability provided in Hack2Win Extreme competition, that won the iOS Privilege Escalation category in our offensive security event in 2018 in Hong Kong – come join us at TyphoonCon – June 2019 in Seoul for more offensive security lectures and training)Vulnerabilities SummaryThe following advisory describes security bugs discovered in …

SSD Advisory – iOS powerd Uninitialized Mach Message Reply to Sandbox Escape and Privilege Escalation Read More »

SSD Advisory – Firefox JavaScript Type Confusion RCE

Vulnerabilities Summary A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write, which leads to remote code execution inside the sandboxed content process when triggered. Vendor Response The reported security vulnerability was fixed in Firefox 62.0.3 and Firefox ESR 60.2.2. CVE CVE-2018-12386 Credit Independent security researchers, …

SSD Advisory – Firefox JavaScript Type Confusion RCE Read More »

SSD Advisory – Firefox Information Leak

Vulnerabilities Summary A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. Vendor Response The security …

SSD Advisory – Firefox Information Leak Read More »

SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Cisco RV132W Wireless N VPN version 1.0.1.8 The Cisco RV132W Wireless-N ADSL2+ VPN Router is “easy to use, set up, and deploy. This flexible router offers great performance and is suited for small or home offices (SOHO) and smaller deployments.” The vulnerabilities found are: …

SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities Read More »

SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution

Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in AsusWRT Version 3.0.0.4.380.7743. The combination of the vulnerabilities leads to LAN remote command execution on any Asus router. AsusWRT is “THE POWERFUL USER-FRIENDLY INTERFACE – The enhanced ASUSWRT graphical user interface gives you easy access to the 30-second, 3-step web-based installation process. It’s also …

SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution Read More »

SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)

Vulnerabilities Summary The following advisory describe three (3) vulnerabilities found in D-Link 850L router. The vulnerabilities have been reported as part of Hack2Win competition, for more information about Hack2Win – Hack2Win – https://blogs.securiteam.com/index.php/archives/3310. The vulnerabilities found in D-Link 850L are: Remote Command Execution via WAN and LAN Remote Unauthenticated Information Disclosure via WAN and LAN …

SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest) Read More »

Hack2Win – The Online Version – Ubiquiti Router

After the great success of the first “Hack2Win – The Online Version” (https://blogs.securiteam.com/index.php/archives/3310 ) we decided to raise the bar. The rules are very simple – you need to hack the Ubiquiti EdgeRouter X router (ER-X) and you can win up to 10,000$ USD. To be clear, this program is not endorsed by Ubiquiti Networks, …

Hack2Win – The Online Version – Ubiquiti Router Read More »

Hack2Win 2017 D-Link 850L Results

On June 11th 2017 we announced the first online version of our ‘Hack2Win’ hacking competition. We allocated $10,000 USD as pay outs to valid submissions, and 2 months of competition time – by making the product available on the internet – to allow everyone a chance to hack it. The device was made publicly accessible …

Hack2Win 2017 D-Link 850L Results Read More »

?

Get in touch