In this short video we show you how we discovered and used a backdoor in Arlo Q Plus to gain root access to the device.
1. We identified the UART console
2. Dumped the NAND firmware
3. Found and cracked the hardcoded SSH root account
4. Discovered a special operation mode to enable SSH
The vulnerability was disclosed to the vendor via ZDI (ZDI-21-683) and tracked under CVE-2021-31505.
Advisory: https://www.zerodayinitiative.com/advisories/ZDI-21-683/
Fixed version: VMC3040S: 1.9.0.8_199_3707910 (according to Arlo; we didn't test the fix)
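A hardcoded root account combined with an SSH service that is shipped but switched off by default (steps 3 and 4) is something a vendor or auditor can check for in an unpacked firmware image before release. The following Python check is an added example, not Flashback Team's tooling or Arlo's code; it assumes the root filesystem has already been extracted to a directory, and the function names, sample tree and hash string are constructed for illustration.

```python
import os
import tempfile

SSH_DAEMONS = {"dropbear", "sshd"}  # common embedded SSH server binaries

def login_hashes(root):
    """Map user -> hash scheme for accounts whose password is baked into the image."""
    found = {}
    for rel in ("etc/passwd", "etc/shadow"):
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                fields = line.rstrip("\n").split(":")
                if len(fields) < 2 or fields[1] == "x" or fields[1][:1] in ("!", "*"):
                    continue  # malformed, shadowed, or locked entry
                pw = fields[1]
                if pw == "":
                    found[fields[0]] = "empty"  # logs in with no password at all
                elif pw.startswith("$") and pw.count("$") >= 3:
                    found[fields[0]] = "crypt-id-" + pw.split("$")[1]  # 1=MD5, 5/6=SHA-2
                else:
                    found[fields[0]] = "des-or-unknown"
    return found

def ssh_daemons(root):
    """Relative paths of SSH server binaries present anywhere in the tree."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.relpath(os.path.join(dirpath, f), root) for f in files if f in SSH_DAEMONS]
    return sorted(hits)

def audit(root):
    hashes, daemons = login_hashes(root), ssh_daemons(root)
    return {"hashes": hashes, "daemons": daemons,
            "dormant_root_login": "root" in hashes and bool(daemons)}

def demo():
    """Audit a constructed sample tree (file contents and hash are placeholders)."""
    sample = {
        "etc/passwd": "root:x:0:0:root:/root:/bin/sh\nnobody:*:99:99::/:/bin/false\n",
        "etc/shadow": "root:$1$SALTSALT$CONSTRUCTEDplaceholder00:0:0:99999:7:::\nnobody:*:0:0:99999:7:::\n",
        "usr/sbin/dropbear": "",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

A `dormant_root_login` result of `True` means the image carries both a usable root credential and an SSH server binary, so any code path that can start the daemon turns the static password into remote root access.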
Did you enjoy this video? Then follow us on Twitter, and subscribe to our channel for more awesome hacking videos.
~ Flashback Team
https://flashback.sh/
https://twitter.com/FlashbackPwn