Category Archives: Tutorial

What the Ridiculous Fuck, D-Link?! – /dev/ttyS0

By | | , ,
Comments Off on What the Ridiculous Fuck, D-Link?! – /dev/ttyS0

As mentioned in an update to my post on the HNAP bug in the DIR-890L, the same bug was reported earlier this year in the DIR-645, and a patch was released. D-Link has now released a patch for the DIR-890L as well. The patches for both the DIR-645 and DIR-890L… Continue reading

Hacking the DSP-W215, Again, Again, Again – /dev/ttyS0

By | | , ,
Comments Off on Hacking the DSP-W215, Again, Again, Again – /dev/ttyS0

So far, the vulnerabilities found in the DSP-W215 have only been practically exploitable from the LAN, unless someone was foolish enough to make their smart plug remotely accessible on the Internet. The typical way for external attackers to target internal web servers, such as the one running on the DSP-W215,… Continue reading

Hacking the DSP-W215, Again, Again – /dev/ttyS0

By | | , ,
Comments Off on Hacking the DSP-W215, Again, Again – /dev/ttyS0

Here we go again…again. In the last DSP-W215 exploit, I mentioned that the exploit’s POST parameter name had to be “storage_path” in order to prevent the get_input_entries function from crashing prematurely. That’s because there is another stack overflow, this time in the replace_special_char function, which is called by get_input_entries if… Continue reading

Hacking the DSP-W215, Again – /dev/ttyS0

By | | , ,
Comments Off on Hacking the DSP-W215, Again – /dev/ttyS0

D-Link recently released firmware v1.02 for the DSP-W215 to address the HNAP buffer overflow bug in my_cgi.cgi. Although they were quick to remove the download link for the new firmware (you must “Use mobile application to upgrade device”), I grabbed a copy of it before my trip to Munich this… Continue reading

Jailbreaking the NeoTV – /dev/ttyS0

By | | , ,
Comments Off on Jailbreaking the NeoTV – /dev/ttyS0

Today we’ll be jailbreaking the Netgear NTV300 set top box…with a TV remote. The Netgear NeoTV 300 Negear’s NeoTV set top boxes are designed to compete with the popular Roku, and can stream video from all the usual sources (Netflix, HuluPlus, Youtube, etc). The NTV300 is one of the least… Continue reading

Exploiting a MIPS Stack Overflow – /dev/ttyS0

By | | , , ,
Comments Off on Exploiting a MIPS Stack Overflow – /dev/ttyS0

Although D-Link’s CAPTCHA login feature has a history of implementation flaws and has been proven to not protect against the threat it was intended to thwart, they continue to keep this feature in their products. Today we’ll be looking at the CAPTCHA implementation in the D-Link DIR-605L, which is a… Continue reading

Hacking the Linksys WMB54G – /dev/ttyS0

By | | , ,
Comments Off on Hacking the Linksys WMB54G – /dev/ttyS0

Today we’re going to take a look at an interesting little device, the Linksys WMB54G wireless music bridge. WMB54G This is a pretty specialized device, so it’s likely a fairly minimalistic system. Even the administrative interface is small and simple: WMB54G Administrative Interface The Linksys support page doesn’t have any… Continue reading