Skip to navigation Skip to main content Skip to footer

Research Blog

Insights and research from our global cybersecurity team.

Filter content

Reset filters

Puckungfu 2: Another NETGEAR WAN Command Injection

A story on finding a zero day attacking the NETGEAR WAN interface after a last minute patch for Pwn2Own 2022, involving a command injection, predicting random numbers, boot timing and voltage supply variations.


Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets

Multiple vulnerabilities identified in Adobe ColdFusion allow an unauthenticated attacker to obtain the service account NTLM password hash, verify the existence of a file or directory on the underlying operating system, and configure central config server settings.


NETGEAR Routers: A Playground for Hackers?

A detailed analysis on multiple vulnerabilities which were identified on the NETGEAR Nighthawk WiFi 6 Router (RAX AX2400) and may exist on other NETGEAR router models.


Puckungfu: A NETGEAR WAN Command Injection

Summary Vulnerability Details Overview Execution Flow /bin/pucfu /usr/lib/libfwcheck.so get_check_fw fw_check_api curl_post /lib/libpu_util.so SetFileValue pegaPopen Check Firmware HTTPS Normal Request Response Exploitation Command Injection Response Root Shell Final Notes Patch Pwn2Own Note Summary This blog post describes a command injection vulnerability found and exploited in November 2022 by NCC Group in the Netgear RAX30 router’s WAN […]


MeshyJSON: A TP-Link tdpServer JSON Stack Overflow

Summary Target Binary tdpServer Architecture Mitigations Forks Understanding The Vulnerability Reaching The Vulnerable Function Broadcast Fork Flow Server Fork Flow JSON Array Stack Overflow Triggering The Bug Broadcast Fork Response Server Fork Request Vulnerability Constraints Storing Arbitrary Content In Memory cJSON Summarized cJSON Struct cJSON Data cJSON Heap Memory Single cJSON cJSON structure and key/value […]