AtlSecCon 2022 has ended
Friday, April 8 • 15:00 - 15:45
Bypassing Authentication On 20+ Arcadyan Routers And Rooting Some Buffalo: A Walkthrough Of My First Router Hacking Experience


In this talk, I will walk through how I rooted my first router, and how during disclosure of those vulnerabilities, I found that one of the issues was much more widespread than I expected and affected 20+ devices across 20 vendors and Internet Service Providers (ISPs) in 11 countries. In the talk, I will walk through getting a root shell on the Buffalo WSR-2533 and using that shell to take a closer look at the HTTP server running the web GUI. I will walk through the process of discovering a path traversal vulnerability and a command injection vulnerability which can lead to full device compromise. Additionally, we will look at the discovery of many more affected devices and the disclosure that followed, how the additional devices were found using tools like Shodan and BinaryEdge, and how we leveraged the help of the CERT Coordination Centre during disclosure. Finally, I will speak briefly about how a bug like CVE-2021-20090 should not have persisted for so long, and why vendors selling consumer routers, and especially ISPs, need to do a better job of testing the security of devices they provide to customers.


Evan Grant

Staff Research Engineer, Tenable
Evan is based out of Halifax, Nova Scotia and works with the Zero-Day Research Team at Tenable. He worked with the Canadian Forces Reserves for 8 years as a Signal Operator while attending Dalhousie University in electrical engineering. He got his start in infosec working with the...

Friday April 8, 2022 15:00 - 15:45 ADT
Track 4 - Summit Suite - Room 612/613