Doyensec Explores IoT Vulnerability on Mediterranean Cruise
/ 1 min read
🛥️💻 Doyensec team tackles IoT vulnerability during Mediterranean cruise. The Doyensec team engaged in a unique company retreat, combining leisure with cybersecurity challenges aboard a Mediterranean cruise. They focused on a buffer overflow vulnerability in the Tenda AC15 router’s firmware, identified as CVE-2024-2850. The team utilized EMUX, a Docker-based tool, to emulate the router’s firmware and analyze the vulnerability. After overcoming initial inconsistencies in the advisory, they successfully crafted an exploit that created a backdoor user via a Telnet command. This hands-on experience not only enhanced their exploit development skills but also fostered collaboration despite limited internet access. The final exploit is noted as a significant contribution, being the first working proof of concept for this specific endpoint.
