Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://social.hackerspace.pl/users/q3k/statuses/113271699845605325">q3k :blobcatcoffee: (q3k@social.hackerspace.pl)'s status on Tuesday, 08-Oct-2024 21:11:21 JST</a><a href="https://social.hackerspace.pl/@q3k" title="q3k@social.hackerspace.pl"><img src="https://gnusocial.jp/avatar/88259-48-20230114192528.webp" width="48" height="48" alt="q3k :blobcatcoffee:" style="position: absolute; left: 0; top: 0;">q3k :blobcatcoffee:</a></section><article><p>I don't know if this is CVE-2024-41585, but this is how I've been getting code exec on my DrayTek Vigor 167 for custom firmware [1] research:</p><p><a href="https://gist.github.com/q3k/46f75dd78b653369640efaa2295f7ecd" rel="nofollow noreferrer">https://gist.github.com/q3k/46f75dd78b653369640efaa2295f7ecd</a></p><p>I wouldn't say post-auth code execution on a device you own is a security vulnerability (good network hardware vendors just ship this as a feature), so I never bothered publishing this before. </p><p>This is so trivial I'm sure dozens of other people have been using this, too.</p><p>[1] - <a href="https://github.com/q3k/vraytekdigor" rel="nofollow noreferrer">https://github.com/q3k/vraytekdigor</a> .</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3793289#notice-7422129">In conversation</a><time datetime="2024-10-08T21:11:21+09:00" title="Tuesday, 08-Oct-2024 21:11:21 JST">about 9 months ago</time> <span>from <span><a href="https://social.hackerspace.pl/@q3k/113271699845605325" rel="external" title="Sent from social.hackerspace.pl via ActivityPub">social.hackerspace.pl</a></span></span><a href="https://social.hackerspace.pl/@q3k/113271699845605325">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: opengraph.githubassets.com</div><h5><a href="https://github.com/q3k/vraytekdigor">GitHub - q3k/vraytekdigor: Experimental custom firmware build infrastructure for Draytek Vigor 167 modem</a></h5><div></div></header><div>Experimental custom firmware build infrastructure for Draytek Vigor 167 modem - q3k/vraytekdigor</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
q3k :blobcatcoffee: (q3k@social.hackerspace.pl)'s status on Tuesday, 08-Oct-2024 21:11:21 JST q3k :blobcatcoffee:
I don't know if this is CVE-2024-41585, but this is how I've been getting code exec on my DrayTek Vigor 167 for custom firmware [1] research:
https://gist.github.com/q3k/46f75dd78b653369640efaa2295f7ecd
I wouldn't say post-auth code execution on a device you own is a security vulnerability (good network hardware vendors just ship this as a feature), so I never bothered publishing this before.
This is so trivial I'm sure dozens of other people have been using this, too.
[1] - https://github.com/q3k/vraytekdigor .
In conversationabout 9 months ago from social.hackerspace.plpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  GitHub - q3k/vraytekdigor: Experimental custom firmware build infrastructure for Draytek Vigor 167 modem
  Experimental custom firmware build infrastructure for Draytek Vigor 167 modem - q3k/vraytekdigor

Public

Embed Notice

HTML Code

Corresponding Notice