Learn tricks and techniques like these, with us, in our amazing training courses! https://flashback.sh/training In this short video we show you how we discovered and used a backdoor in Arlo Q Plus to gain a root access to a device. 1. We identified the UART console 2. Dumped the NAND firmware 3. Found and cracked hardcoded SSH root account 4. Discovered a special operation mode to enable SSH The vulnerability was disclosed to the vendor via ZDI (ZDI-21-683) and tracked under CVE-2021-31505. Advisory: https://www.zerodayinitiative.com/advisories/ZDI-21-683/ Fixed version: VMC3040S: 1.9.0.8_199_3707910 (according to Arlo, we didn't test the fix) Did you enjoy this video? Then follow us on Twitter, and subscribe to our channel for more awesome hacking videos. ~ Flashback Team https://flashback.sh/ https://twitter.com/FlashbackPwn