Exploiting zero days in abandoned hardware
We successfully exploited two discontinued network devices at DistrictCon’s inaugural Junkyard competition in February, winning runner-up for Most Innovative Exploitation Technique.
Our exploit chains demonstrate why end-of-life (EOL) hardware poses persistent security risks: when manufacturers stop releasing updates, unpatched vulnerabilities remain frozen in time like fossils, creating perfect targets for attackers.
First, we developed three ways (videos 1, 2, and 3) to hack the Netgear router by chaining multiple LAN-side vulnerabilities in the UPnP daemon, including authentication bypass, buffer overflows, and command injection, which gave us a remote root shell. UPnP accepts SOAP messages (XML-formatted commands) to control router functions, making it a prime target due to its complex parsing requirements and privileged system access.