Awesome
Exploits and Advisories
Repository that tracks public exploits, vulnerabilities and advisories that I [co-]discovered or [co-]authored.
CVEs
CVE | ID | Target | Description | Disclosure |
---|---|---|---|---|
CVE-2020-10881 | ZDI-20-333 | TP-Link Archer A7/C7 | DNS stack overflow | Pwn2Own Tokyo 2019 |
CVE-2020-10882 | ZDI-20-334 | TP-Link Archer A7/C7 | command injection | Pwn2Own Tokyo 2019 |
CVE-2020-10883 | ZDI-20-335 | TP-Link Archer A7/C7 | insecure filesystem | Pwn2Own Tokyo 2019 |
CVE-2020-10884 | ZDI-20-336 | TP-Link Archer A7/C7 | hardcoded crypto key | Pwn2Own Tokyo 2019 |
CVE-2020-10885 | ZDI-20-337 | TP-Link Archer A7/C7 | DNS validation error | Pwn2Own Tokyo 2019 |
CVE-2020-10923 | ZDI-20-703 | Netgear R6700 | auth bypass | Pwn2Own Tokyo 2019 |
CVE-2020-10924 | ZDI-20-704 | Netgear R6700 | stack buffer overflow | Pwn2Own Tokyo 2019 |
CVE-2020-10925 | ZDI-20-705 | Netgear R6700 | improper cert validation | Pwn2Own Tokyo 2019 |
CVE-2020-10926 | ZDI-20-706 | Netgear R6700 | download and execution of unverified code | Pwn2Own Tokyo 2019 |
CVE-2020-10927 | ZDI-20-707 | Netgear R6700 | hardcoded crypto keys / weak crypto | Pwn2Own Tokyo 2019 |
CVE-2020-12004 | ZDI-20-685 | Inductive Automation Ignition | missing authentication | Pwn2Own Miami 2020 |
CVE-2020-10544 | ZDI-20-686 | Inductive Automation Ignition | deserialization of untrusted data | Pwn2Own Miami 2020 |
CVE-2020-12027 | ZDI-20-727 | Rockwell FactoryTalk SE | info disclosure (project list) | Pwn2Own Miami 2020 |
ZDI-20-728 | Rockwell FactoryTalk SE | info disclosure (project path) | Pwn2Own Miami 2020 | |
CVE-2020-12028 | ZDI-20-729 | Rockwell FactoryTalk SE | missing auth for critical function | Pwn2Own Miami 2020 |
CVE-2020-12029 | ZDI-20-730 | Rockwell FactoryTalk SE | directory traversal | Pwn2Own Miami 2020 |
CVE-2020-12009 | ZDI-20-777 | Iconics Genesis64 | dir traversal / rce | Pwn2Own Miami 2020 |
CVE-2020-15635 | ZDI-20-936 | Netgear R6700 | pre-authentication buffer overflow | |
CVE-2020-15636 | ZDI-20-937 | Netgear R6400, R6700, R7000, R7850, R7900, R8000, RS400, XR300 | stack buffer overflow | |
CVE-2020-28347 | TP-Link Archer A7/C7 | command injection | Pwn2Own Miami 2020 | |
CVE-2021-27245 | ZDI-21-214 | TP-Link Archer A7 | Firewall Bypass Vulnerability | Pwn2Own Tokyo 2020 |
CVE-2021-27251 | ZDI-21-247 | Netgear Nighthawk R7800 | ready-genie-cloud Insecure Download of Critical Component RCE | Pwn2Own Tokyo 2020 |
CVE-2021-27257 | ZDI-21-264 | Netgear Nighthawk R7800 | ready-genie-cloud Improper Certificate Validation RCE | |
CVE-2021-31505 | ZDI-21-683 | Arlo Q Plus | SSH Use of Hard-coded Credentials Privilege Escalation Vulnerability | |
CVE-2021-35003 | ZDI-22-080 | TP-Link Archer C90 | DNS stack buffer overflow | |
CVE-2021-35004 | ZDI-22-081 | TP-Link TL-WA1201 | DNS stack buffer overflow | |
CVE-2022-1069 | ZDI-22-1159 | Softing SIS | out of bounds read dos | |
CVE-2022-2335 | ZDI-22-1160 | Softing SIS | int underflow dos | |
CVE-2022-2336 | ZDI-22-1161 | Softing SIS | auth bypass | |
CVE-2022-2337 | ZDI-22-1157 | Softing SIS | uri null deref | |
CVE-2022-2547 | ZDI-22-1158 | Softing SIS | content-type null deref | |
CVE-2022-20699 | Cisco RV340 VPN Gateway | SSL VPN stack buffer overflow | Pwn2Own Austin 2021 | |
CVE-2022-28687 | ZDI-22-1126 | AVEVA Edge | uncontrolled search path rce | Pwn2Own Miami 2022 |
Exploits
Target | Link | Write-up |
---|---|---|
Inductive Automation Ignition | inductive_ignition_rce | rce_me_v2 |
Netgear R6700 | netgear_r6700_pass_reset | tokyo_drift |
TP-Link Archer A7/C7 | tplink_archer_a7_c7_lan_rce | lao_bomb |
Rockwell FactoryTalk | rockwell_factorytalk_rce | replicant |
Cisco RV340 | flashback_connects_original | flashback_connects |
WesterDigital PR4100 | weekend_destroyer |
~ Team Flashback