Inscrivez-vous maintenant pour un meilleur devis personnalisé!
Vulnerability discovery and research by Jared Rittle and Carl Hurd of Cisco Talos.
TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure that a patch was available. Now that a fix is out there, we want to take the time to dive into the inner workings of these vulnerabilities and show the approach we took with our proof-of-concept code.
The TP-Link TL-R600VPN is a five-port small office/home office (SOHO) router. This device contains a Realtek RTL8198 integrated system on a chip. This particular chip uses an offshoot of the MIPS-1 architecture developed by Lexra. Except for a few proprietary instructions for handling unaligned load and store operations, these two instruction sets are essentially the same. The instructions that are not included in Lexra are LWL, SWL, LWR, and SWR. These proprietary instructions are often used when compiling a program for the more common MIPS-1 architecture and cause a segfault when encountered in Lexra. The knowledge of this key difference is imperative to assembling working code for the target.
For more information about Lexra MIPS and its differences with the MIPS-1 architecture, refer to
Tags chauds:
Cisco Talos
Talos
vulnerability
proof of concept
exploitation
Vulnerability Discovery
deep dive
tplink
tp-link
Inscrivez-vous par courriel maintenant pour le Stock de Promotion hebdomadaire
100% free, Unsubscribe any time!
Add 1: Room 605 6/F FA YUEN Commercial Building, 75-77 FA YUEN Street, Mongkok KL, HongKong Add 2: Room 405, Building E, MeiDu Building, Gong Shu District, Hangzhou City, Zhejiang Province, China
Whatsapp/Tel: +8618057156223 Tél. : + 33 (0) 3 88 88 20: 0086 571 86729517 Tel à HK: 00852 66181601
Courriel:: [email protected]
English
Pусский
Français
Español
Português
