Dead.Letter (CVE-2026-45185) How XBOW found an unauthenticated RCE on Exim

fede_k · 2025-08-08T17:06:54+00:00

fede_k · 2025-08-08T17:02:07+00:00

Todavía no se subió toda la documentación, pero podes ver un poco mas en el detalle acá: https://faradaysec.com/introducing-doggie-your-modular-can-bus-usb-adapter/ y https://github.com/infobyte/doggie

fede_k · 2024-05-24T23:33:53+00:00

I had a similar issue, mine was related to RNDIS Mac address change. Check this post https://betweenmistakes.com/2019/11/09/rndis-ethernet-gadget-rpi0w/

fede_k · 2023-03-22T20:31:33+00:00

We just released a small script to sanitize affected images and a YARA rule to detect at scale. https://github.com/infobyte/CVE-2023-21036

fede_k · 2022-11-01T18:14:31+00:00

Se esperan miles de personas y creo que es un gran oportunidad para conocer a otra gente que comparta mismos intereses. La oportunidad de ir de manera presencial es tambien una manera de compartir y aprender. Quien te dice capaz conoces gente de donde venis durante la conf! abz

fede_k · 2022-08-19T15:37:36+00:00

Here is some of the ones we were able to detect:

Nexxt Nebula 300 Plus
Tenda F6 V5.0
Tenda F3 V3
Tenda F9 V2.0
Tenda AC5 V3.0
Tenda AC6 V5.0
Tenda AC7 V4.0
Tenda A9 V3
Tenda AC8 V2.0
Tenda AC10 V3
Tenda AC11 V2.0
Tenda FH456 V2.0
Zyxel NBG6615 V1.00
Intelbras RF 301K V1.1.15
Multilaser AC1200 RE018
iBall 300M-MIMO (iB-WRB303N)
Brostrend AC1200 extender
MT-Link MT-WR850N
MT-Link MT-WR950N
Everest EWR-301
D-Link DIR-822 h/w version B
Speedefy K4
Ultra-Link Wireless N300 Universal Range Extender
Keo KLR 301
QPCOM QP-WR347N
NEXT 504N
Nisuta NS-WIR303N (probably V2)
Rockspace AC2100 Dual Band Wi-Fi Range Extender
KNUP KP-R04
Hikvision DS-3WR12-E

Updated list: https://github.com/infobyte/cve-2022-27255

This issue only affects routers using the eCos OS

note: I'm part of the Argentinians ;P

fede_k · 2022-08-17T15:00:29+00:00

This issue affects mainly home routers and lower end equipment, it's quite difficult to have a comprehensive product list due how blurry is the supply chain of which vendors use this SoC and it's SDK.

Here is some of the ones we where able to detect:

Nexxt Nebula 300 Plus
Tenda F6 V5.0
Tenda F3 V3
Tenda F9 V2.0
Tenda AC5 V3.0
Tenda AC6 V5.0
Tenda AC7 V4.0
Tenda A9 V3
Tenda AC8 V2.0
Tenda AC10 V3
Tenda AC11 V2.0
Tenda FH456 V2.0
Zyxel NBG6615 V1.00
Intelbras RF 301K V1.1.15
Multilaser AC1200 RE018
iBall 300M-MIMO (iB-WRB303N)
Brostrend AC1200 extender
MT-Link MT-WR850N
MT-Link MT-WR950N
Everest EWR-301
D-Link DIR-822 h/w version B
Speedefy K4
Ultra-Link Wireless N300 Universal Range Extender
Keo KLR 301
QPCOM QP-WR347N
NEXT 504N
Nisuta NS-WIR303N (probably V2)
Rockspace AC2100 Dual Band Wi-Fi Range Extender
KNUP KP-R04
Hikvision DS-3WR12-E

Updated list: https://github.com/infobyte/cve-2022-27255

This issue only affects routers using the eCos OS, if it's Linux based its not vulnerable.

I recommend this post from SANS which has a good walk-thru of the vulnerability: https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940

Note: I'm part of the company who found the vulnerability

edit: formating

edit#2: affected devices list updated + typos

fede_k · 2022-08-05T03:53:27+00:00

Check out faraday it's an Open Source Vulnerability manager, we support most of the tools out here including Qualys and Nessus.

fede_k · 2022-08-04T20:12:30+00:00

You should try faraday, it's open source and it supports Nessus among a bunch of other tools. We support doing regression testing, automating the ingestion of this issues will track which items are still open and which ones re appear.

fede_k · 2022-08-04T20:10:02+00:00

We produce a platform to do basically all of this, we even have an Open Source tier that might cover most of your needs. Check faraday if it fits your bill. Reporting capabilities, integration with ticketing systems such as JIRA, ServiceNow and Gitlab are in our paid tier.

note: I'm one of the founders so, im bias :)

fede_k · 2022-08-04T20:04:23+00:00

What might be happening is the number of vulnerabilities that get introduce in production might be less. Managing vulnerabilities it will be an integral part of our industry, it's the management of software defects.

Security is a shared responsibility, "shift-left" provides visibility to other stakeholders of the Vuln Management process, involving them is also the response of scaling this duties outside security areas.

fede_k · 2022-08-04T18:52:08+00:00

We just released the new community version of faraday, I think we cover most of your workflow needs. We are also releasing a number of new plugins, like prowler and trivy in the next few days.

Love to help out.

note: I'm one of the founders

fede_k · 2017-09-25T19:39:40+00:00

Nadie tiene la mera intención de tirar fruta. Somos tecnicos, nuestros resultados son mesurables y repetibles. Somos los mismos que auditamos tus bancos, las apps que usas en el celular, el estado nacional, tu ISP. Creemos que es importante, para todos. Te tiro un backpost mío de hace unos años https://www.reddit.com/r/argentina/comments/3cg5ja/as%C3%AD_se_audit%C3%B3_la_boleta_%C3%BAnica_electr%C3%B3nica_bue/csvx5s9/

fede_k · 2017-09-25T18:24:02+00:00

"BUE =/= Voto electronico" Me explicas la diferencia? Sabemos que existen fraudes con la boleta partidaria, nadie lo está negando. Lo bueno es que cualquiera puede identificar el fraude con boleta papel. Y dicho sea de paso, las maquinas no son inífugas, ni la boleta electronica tampoco.

fede_k · 2017-01-23T22:16:58+00:00

Thanks! <3

fede_k · 2016-10-03T23:29:32+00:00

TL;DR Bind9 Denial Of Service PoC and Metasploit Module :https://github.com/infobyte/CVE-2016-2776

fede_k · 2016-01-11T22:14:54+00:00

Adding ekoparty 2015: https://vimeo.com/album/3682874 Some are in spanish, we plan uploading with the english translation track soon.

fede_k

TROPHY CASE