Exploiting CVE-2019-1663


A few months ago, Pentest Partners published an article explaining CVE-2019-1663, a stack buffer overflow affecting several low-end Cisco devices (RV110, RV130, RV225).
I had missed doing binary exploitation on ARM-based platforms, so I thought this would be a good opportunity to get back into it.

Getting a live target
I initially reproduced the bug with a combination of QEMU, an unpacked firmware image and libnvram, but an exploit built that way was worthless, since the offsets would be wrong on a real Cisco device. I therefore ordered a second-hand device on eBay. I'm used to Cisco devices, so I assumed I could at least get a shell on the box over SSH or through a console cable, but that damn RV130 provides neither of those :/ To get around this, I opened the enclosure and identified the UART pinout. From there I was able to connect over serial using a Shikra, an FTDI32-based device from @XipiterSec.
