Multiple Zyxel devices are prone to critical vulnerabilities resulting from insecure coding practices and insecure configuration. One of the worst vulnerabilities is an unauthenticated buffer overflow in the custom "zhttpd" webserver.

By bypassing ASLR, the buffer overflow can be turned into an unauthenticated remote code execution (RCE). In addition, multiple other vulnerabilities, including unauthenticated file disclosure, authenticated command injection and processing of symbolic links on storage media, were found in the firmware. It turned out that our vulnerabilities affect more than 46 models (during responsible disclosure, this number increased to 50+ models).

This talk will detail the steps we took to analyze the embedded device. Furthermore, we will outline the aftermath and showcase the developed Metasploit module.

The security advisory with full technical details is available at https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/
  • Steffen Robertz
    Steffen Robertz is a Senior Security Consultant at SEC Consult who specializes in embedded systems. In his job, he focuses on retrieving and reverse engineering firmware in order to find vulnerabilities. Due to his background as an electrical engineering student, he also takes an interest in RF systems and hardware development. He has already published multiple security advisories via the SEC Consult Vulnerability Lab and held multiple talks at international conferences.
  • Gerhard Hechenberger
    Gerhard Hechenberger is a Senior Security Consultant at SEC Consult who specializes in embedded systems and OT security. He works in the SEC Consult Hardware Laboratory in Vienna. His main job is the assessment of embedded systems, IoT/OT devices and OT networks to uncover vulnerabilities. He is a holder of several IT security certificates and has already published multiple security advisories and blog posts.