tags: pwn2own, car_hacking, null_deref, uaf
original link: Pwn2Own Automotive: CHARX Vulnerability Discovery
newsletter link: exploits.club Weekly Newsletter 30


Exploits Club Summary:

Ret2 Systems is back with a new blog post detailing the vulnerabilities they found and exploited in the CHARX SEC-3100 for Pwn2Own Automotive. The post starts with an enumeration of the device’s attack surface before explaining why the team decided to focus on the Controller Agent. It then dives into the vulnerability research itself, discussing how the Controller Agent works, what protocols it speaks, and finally, the discovery of a null dereference bug in the Agent’s HomePlug parsing. The post then details a second bug, a UAF during process teardown caused by some specific nuances of C++ destructors. Part 2, explaining the exploit, will be released soon, but if you are eager, Ret2 put a replica challenge on their WarGames platform.