SMC Broadband Router Root RCE

Author: Eyosias K. Negash

Date: 17/10/2022 08:45

TLDR:

A route's handler copies a parameter to a global object which allows us to write a crafted message and add our own session via a memory corruption vulnerability. Another handler allows us to inject a command into the OS. Read on for More.