Sagemcom router insecure deserialization > privilege escalation

Posted by Ryan Delaney on Sep 01

<!–
# Exploit Title: Sagemcom router insecure deserialization > privilege
escalation
# Date: 08-31-2020
# Exploit Author: Ryan Delaney
# Author Contact: ryan.delaney () owasp org
# Author LinkedIn: https://www.linkedin.com/in/infosecrd/
# Vendor Homepage: https://sagemcom.com/en
# Software Link: N/A (F@ST 5280 firmware not published)
# Version: F@ST 5280 router, F/W 1.150.61, possibly others
# Tested on: F@ST 5280 router, F/W 1.150.61
#…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Original Source

Tags: cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Sagemcom router insecure deserialization > privilege escalation

Original Source

HackerOne Bug Bounty Disclosure: rxss-in-hidden-parameter-hassan-sheet

HackerOne Bug Bounty Disclosure: jira-credential-disclosure-within-mozilla-slack-griffinf

CISA: CISA Releases Two Industrial Control Systems Advisories

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

CACTUS Ransomware Victim: https://www[.]ebir[.]com/

Original Source

You may have missed

HackerOne Bug Bounty Disclosure: rxss-in-hidden-parameter-hassan-sheet

HackerOne Bug Bounty Disclosure: jira-credential-disclosure-within-mozilla-slack-griffinf

CISA: CISA Releases Two Industrial Control Systems Advisories

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

CACTUS Ransomware Victim: https://www[.]ebir[.]com/