tags:auth_bypassiotstack_overflowdosfirmware original link: Multiple Vulnerabilities in the Deep Sea Electronics DSE855 newsletter link: exploits.club Weekly Newsletter 32 - Popping Basebands, Pwnie Nominated PrivEscs, The Compiler Landscape, And More
Exploits Club Summary:
ZDI put out a post this week walking through a handful of vulnerabilities reported in a communications device developed by Deep Sea Electronics. These vulnerabilities are 0-days at the time of release because Deep Sea missed the 120-day patch deadline set by ZDI. The post does a quick overview of the device’s hardware and software before jumping into a rundown of the rather straight forward vulns…some missing auth checks, stack overflows, and a DOS bug just for good measure. This is your wake-up call to go buy embedded devices and get some wins.