Exploits and Advisories

Repository that tracks public exploits, vulnerabilities and advisories that I [co-]discovered or [co-]authored.

CVEs

| CVE | ID | Target | Description | Disclosure |
| --- | --- | --- | --- | --- |
| CVE-2020-10881 | ZDI-20-333 | TP-Link Archer A7/C7 | DNS stack overflow | Pwn2Own Tokyo 2019 |
| CVE-2020-10882 | ZDI-20-334 | TP-Link Archer A7/C7 | command injection | Pwn2Own Tokyo 2019 |
| CVE-2020-10883 | ZDI-20-335 | TP-Link Archer A7/C7 | insecure filesystem | Pwn2Own Tokyo 2019 |
| CVE-2020-10884 | ZDI-20-336 | TP-Link Archer A7/C7 | hardcoded crypto key | Pwn2Own Tokyo 2019 |
| CVE-2020-10885 | ZDI-20-337 | TP-Link Archer A7/C7 | DNS validation error | Pwn2Own Tokyo 2019 |
| CVE-2020-10923 | ZDI-20-703 | Netgear R6700 | auth bypass | Pwn2Own Tokyo 2019 |
| CVE-2020-10924 | ZDI-20-704 | Netgear R6700 | stack buffer overflow | Pwn2Own Tokyo 2019 |
| CVE-2020-10925 | ZDI-20-705 | Netgear R6700 | improper cert validation | Pwn2Own Tokyo 2019 |
| CVE-2020-10926 | ZDI-20-706 | Netgear R6700 | download and execution of unverified code | Pwn2Own Tokyo 2019 |
| CVE-2020-10927 | ZDI-20-707 | Netgear R6700 | hardcoded crypto keys / weak crypto | Pwn2Own Tokyo 2019 |
| CVE-2020-12004 | ZDI-20-685 | Inductive Automation Ignition | missing authentication | Pwn2Own Miami 2020 |
| CVE-2020-10544 | ZDI-20-686 | Inductive Automation Ignition | deserialization of untrusted data | Pwn2Own Miami 2020 |
| CVE-2020-12027 | ZDI-20-727 | Rockwell FactoryTalk SE | info disclosure (project list) | Pwn2Own Miami 2020 |
| | ZDI-20-728 | Rockwell FactoryTalk SE | info disclosure (project path) | Pwn2Own Miami 2020 |
| CVE-2020-12028 | ZDI-20-729 | Rockwell FactoryTalk SE | missing auth for critical function | Pwn2Own Miami 2020 |
| CVE-2020-12029 | ZDI-20-730 | Rockwell FactoryTalk SE | directory traversal | Pwn2Own Miami 2020 |
| CVE-2020-12009 | ZDI-20-777 | Iconics Genesis64 | dir traversal / rce | Pwn2Own Miami 2020 |
| CVE-2020-15635 | ZDI-20-936 | Netgear R6700 | pre-authentication buffer overflow | |
| CVE-2020-15636 | ZDI-20-937 | Netgear R6400, R6700, R7000, R7850, R7900, R8000, RS400, XR300 | stack buffer overflow | |
| CVE-2020-28347 | | TP-Link Archer A7/C7 | command injection | Pwn2Own Miami 2020 |
| CVE-2021-27245 | ZDI-21-214 | TP-Link Archer A7 | Firewall Bypass Vulnerability | Pwn2Own Tokyo 2020 |
| CVE-2021-27251 | ZDI-21-247 | Netgear Nighthawk R7800 | ready-genie-cloud Insecure Download of Critical Component RCE | Pwn2Own Tokyo 2020 |
| CVE-2021-27257 | ZDI-21-264 | Netgear Nighthawk R7800 | ready-genie-cloud Improper Certificate Validation RCE | |
| CVE-2021-31505 | ZDI-21-683 | Arlo Q Plus | SSH Use of Hard-coded Credentials Privilege Escalation Vulnerability | |
| CVE-2021-35003 | ZDI-22-080 | TP-Link Archer C90 | DNS stack buffer overflow | |
| CVE-2021-35004 | ZDI-22-081 | TP-Link TL-WA1201 | DNS stack buffer overflow | |
| CVE-2022-1069 | ZDI-22-1159 | Softing SIS | out of bounds read dos | |
| CVE-2022-2335 | ZDI-22-1160 | Softing SIS | int underflow dos | |
| CVE-2022-2336 | ZDI-22-1161 | Softing SIS | auth bypass | |
| CVE-2022-2337 | ZDI-22-1157 | Softing SIS | uri null deref | |
| CVE-2022-2547 | ZDI-22-1158 | Softing SIS | content-type null deref | |
| CVE-2022-20699 | | Cisco RV340 VPN Gateway | SSL VPN stack buffer overflow | Pwn2Own Austin 2021 |
| CVE-2022-28687 | ZDI-22-1126 | AVEVA Edge | uncontrolled search path rce | Pwn2Own Miami 2022 |

Exploits

| Target | Link | Write-up |
| --- | --- | --- |
| Inductive Automation Ignition | inductive_ignition_rce | rce_me_v2 |
| Netgear R6700 | netgear_r6700_pass_reset | tokyo_drift |
| TP-Link Archer A7/C7 | tplink_archer_a7_c7_lan_rce | lao_bomb |
| Rockwell FactoryTalk | rockwell_factorytalk_rce | replicant |
| Cisco RV340 | flashback_connects_original | flashback_connects |
| Western Digital PR4100 | weekend_destroyer | |

~ Team Flashback