This repository contains the materials for the talk "Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.", which was presented at DEFCON30.
The contents of this repo include:

- `analysis`: Automated firmware analysis to detect the presence of CVE-2022-27255 (run `analyse_firmware.py`).
- `exploits_nexxt`: PoC and exploit code. The PoC should work on every affected router; however, the exploit code is specific to the Nexxt Nebula 300 Plus router.
- `ghidra_scripts`: Vulnerable function call searching script and CVE-2022-27255 detection script.
- `DEFCON`: Slide deck and PoC video.

- Octavio Gianatiempo (@ogianatiempo)
- Octavio Galland (@GallandOctavio)
- Javier Aguinaga (@pastaCLS)
- Emilio Couto (@ekio_jp)