SMC Broadband Router Root RCE

Author: Eyosias K. Negash

Date: 04/01/2022 22:09

TLDR:

A route's handler copies a parameter to a global object which allows us to write a crafted message and add our own session via a memory corruption vulnerability. Another handler allows us to inject a command into the OS. Read on for More.