About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Unauthenticated LAN remote code execution in AsusWRT- 13

Pedro RibeiroPosted 6 Years Ago
  • Interesting because the request is made BEFORE authentication has been done, making a request on the router, by the router, to bypass authentication.
  • This essentially bypasses authentication on POST requests, entirely. From there, there are several configuration settings that can set (including Admin password).
  • After having the Administrative password, it is trivial to enable SSH access (for yourself) to run arbitrary commands. I personally would not call this a RCE bug; I would call this is a privilege escalation bug that can lead to RCE.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed