(This advisory follows up on a vulnerability provided in Hack2Win Extreme competition, that won the iOS Privilege Escalation category in our offensive security event in 2018 in Hong Kong – come join us at TyphoonCon – June 2019 in Seoul for more offensive security lectures and training)Vulnerabilities SummaryThe following advisory describes security bugs discovered in …
Vulnerabilities Summary A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write, which leads to remote code execution inside the sandboxed content process when triggered. Vendor Response The reported security vulnerability was fixed in Firefox 62.0.3 and Firefox ESR 60.2.2. CVE CVE-2018-12386 Credit Independent security researchers, …
SSD Advisory – Firefox JavaScript Type Confusion RCE Read More »
Vulnerabilities Summary A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. Vendor Response The security …
In our upcoming Hack2Win eXtreme event in Hong Kong we will be asking contest participants to come and try their skills breaking into devices and software, showing their abilities in finding vulnerabilities in iOS and Android, as well as in Chrome and Firefox. In preparation for the event, we are launching a “warm up” event …
Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Cisco RV132W Wireless N VPN version 1.0.1.8 The Cisco RV132W Wireless-N ADSL2+ VPN Router is “easy to use, set up, and deploy. This flexible router offers great performance and is suited for small or home offices (SOHO) and smaller deployments.” The vulnerabilities found are: …
SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities Read More »
Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in AsusWRT Version 3.0.0.4.380.7743. The combination of the vulnerabilities leads to LAN remote command execution on any Asus router. AsusWRT is “THE POWERFUL USER-FRIENDLY INTERFACE – The enhanced ASUSWRT graphical user interface gives you easy access to the 30-second, 3-step web-based installation process. It’s also …
SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution Read More »
Hack2Win is a hacking competition we launched 5 years ago. The competition had so far two flavors – Hack2Win Online and Hack2Win CodeBlue. We decided to go big this year and with Hack2Win eXtreme! Hack2Win eXtreme will focus on two primary targets, browsers and mobile. We have up to $500,000 USD to give away! The …
Happy new year everyone! Hope you had the chance to celebrate and think about all the good things that happened to you in 2017. We have a nice surprise for you – this link is worth 1,000$ USD !* *You don’t need to hack the website, the money is out there in the link* We …
Vulnerabilities Summary The following advisory describe three (3) vulnerabilities found in D-Link 850L router. The vulnerabilities have been reported as part of Hack2Win competition, for more information about Hack2Win – Hack2Win – https://blogs.securiteam.com/index.php/archives/3310. The vulnerabilities found in D-Link 850L are: Remote Command Execution via WAN and LAN Remote Unauthenticated Information Disclosure via WAN and LAN …
SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest) Read More »
After the great success of the first “Hack2Win – The Online Version” (https://blogs.securiteam.com/index.php/archives/3310 ) we decided to raise the bar. The rules are very simple – you need to hack the Ubiquiti EdgeRouter X router (ER-X) and you can win up to 10,000$ USD. To be clear, this program is not endorsed by Ubiquiti Networks, …
On June 11th 2017 we announced the first online version of our ‘Hack2Win’ hacking competition. We allocated $10,000 USD as pay outs to valid submissions, and 2 months of competition time – by making the product available on the internet – to allow everyone a chance to hack it. The device was made publicly accessible …
We proud to announce the first online hacking competition! The rules are very simple – you need to hack the D-link router (AC1200 / DIR-850L) and you can win up to 5,000$ USD. To try and help you win – we bought a D-link DIR-850L device and plugged it to the internet (we will disclose …
Any questions? Interested in our services?
We’d love to hear from you
