tags:routerpwn2owncommand_injection original link: Puckungfu 2: Another NETGEAR WAN Command Injection newsletter link: exploits.club Weekly Newsletter 08


Exploits Club Summary:

NCC Group released a follow up to their original Puckungfu post, detailing a different command injection bug they were able to use in Pwn2Own 2022 after Netgear patched their original one just days before the competition. For this bug, the cron job which served as the entry to the buggy code path only triggered randomly between 1:00AM-4:00AM. For Pwn2Own, the team devised a strategy to trigger the job by remotely altering the device’s time zone and accurately predicting the cron job’s ‘random’ timing within a minute.