Analysis of CVE-2017-13772 and MIPS Stack Overflow Exploit Summary

Analysis of CVE-2017-13772 and MIPS Stack Overflow Exploit Summary

1. Introduction This article will analyze CVE-2017-13772 and summarize the general approach to exploiting MIPS stack overflow. Before reading, it is necessary to understand MIPS assembly related knowledge. 2. Causes of CVE-2017-13772 Vulnerability CVE-2017-13772 is a stack overflow vulnerability in TP-Link, which is triggered when an overly long IP address is input in the ping … Read more

JLink Firmware Vulnerability Analysis

JLink Firmware Vulnerability Analysis

This article is a highlight from the Kanxue forum. Author ID: Zeng Banxian The firmware verification defect of Jlink V10 was previously published along with a flashing tool, but the defect requires flashing once and then flashing back. Before the release, during a discussion in a mobile device development group, a group member mentioned that … Read more

Exploiting MIPS Stack Overflow Vulnerability

Exploiting MIPS Stack Overflow Vulnerability

This is an exploitation of a stack overflow vulnerability in D-link routers before login. This article focuses on recording the problems and analyses encountered during practical testing, serving as a reading note. Static Analysis The DIR-605L router has a stack overflow at the login point. In the login form, there is a parameter called FILECODE, … Read more

Command Execution Vulnerability in MajorDoMo Smart Home Platform (Includes POC and EXP)

Command Execution Vulnerability in MajorDoMo Smart Home Platform (Includes POC and EXP)

Disclaimer: Please do not use the techniques mentioned in this article for illegal testing. Any direct or indirect consequences and losses caused by the dissemination or use of the information or tools provided in this article are the sole responsibility of the user. The author of this article is not responsible for any adverse consequences. … Read more

Introduction to PWN with MQTT Protocol (CISCN2025 Final MQTT)

Introduction to PWN with MQTT Protocol (CISCN2025 Final MQTT)

Participating in the finals of the national competition for the first time, I had heard that the finals would feature some topics related to industrial control and the Internet of Vehicles. I also had a rough understanding of PWN topics involving the MQTT protocol and had used the Python Paho library for client interaction. However, … Read more