Milesight UG67 Advisories Released

In our experience, vulnerabilities often seem to come in packs. The impact of such a pack can quickly become more than the sum of its parts, and this nuance gets lost in CVSS.

In our new advisories we kept stacking "minor" issues to take over Milesight LoRaWAN gateways:

  • First step: Establish system access using the undocumented low-privileged user account pyuser (rt-sa-2024-002)
  • Next step: Circumvent the restricted shell via SSH port forwarding to a PostgreSQL database with RCE (rt-sa-2024-003)
  • Finally, privilege escalation via ubus (rt-sa-2024-004)
  • Bonus: Another potential way to elevate privileges (rt-sa-2024-005)
  • By the way, instead of Ethernet, you can also simply use the external USB-C port for these attacks (rt-sa-2024-001)

