Stigward

Apr 6

Wavlink Command Injection (CVE-2022–23900)

Your Router Is My Router — TL/DR: The Wavlink WL-WN531P3 router exposes an API endpoint susceptible to command injection. This API endpoint is reachable without an authentication header, meaning the vulnerability can be exploited by an unauthenticated attacker. Furthermore, the router has no CSRF protection, thus RCE can be achieved without connecting to the local network. Vulnerability Description and Discovery:

Cybersecurity

5 min read

Wavlink Command Injection (CVE-2022–23900)

Mar 15, 2021

How CTFs Landed Me A Job As An Offensive Security Engineer

How I Became A Professional Hacker For Fun And Profit — There is an argument online I stumble across regularly about the effectiveness of challenge sites and CTFs when it comes to their real-world application. …

Pentesting

4 min read

How CTFs Landed Me A Job As An Offensive Security Engineer

Average hacker and chronic side-project abandoner.

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Knowable