The post discusses a vulnerability in networking devices that use dnsmasq, specifically the ability to inject arbitrary options into its configuration files. It explains how attackers can exploit this vulnerability through various...
About:
nns.ee is an Ethical Hacking and Cybersecurity Blog.
Website:
Specializations:
Subscribe to RSS:
The blog post discusses a potential SQL injection vulnerability in Nim's db_postgres module, particularly affecting applications using older PostgreSQL databases or configurations where standard_conforming_strings is disabled. The...
The blog post discusses vulnerabilities in RouterOS 7.4beta4 related to the implementation of Docker containers on MikroTik devices. It highlights how symlink resolution and mount points can be exploited to execute arbitrary code ...
The article discusses a security vulnerability in the Quectel RG500Q-EA 5G modem, specifically related to the OTA download procedure that allows attackers to execute commands as root. The author details the communication between t...
The blog post discusses a vulnerability in the atfwd_daemon of the Quectel EG25-G modem used in the PinePhone, which is susceptible to OS command injection due to the use of system() calls with user input. The author details the p...
The blog post discusses a critical vulnerability in Inteno's IOPSYS devices, specifically related to the firewall3 component, which allows authenticated attackers to execute arbitrary scripts as root. The vulnerability arises from...
The blog post discusses the security vulnerabilities of Hikvision IP cameras, particularly focusing on the ease of resetting the admin password through brute force methods. The author details their experience with a Hikvision DS-7...
The blog post discusses a vulnerability (CVE-2018-14533) in Inteno's IOPSYS that allows authenticated users to gain full filesystem read-write access and a root shell. It details how 'safe' methods for reading and writing files ca...
The blog post discusses a newly discovered vulnerability in Inteno's IOPSYS firmware that affects OpenWRT or LEDE based routers with the p910nd printer server. The vulnerability allows authenticated users to modify configurations,...
The blog post discusses a remote code execution vulnerability found in the Iopsys router software affecting all Inteno routers. The vulnerability, identified as CVE-2017-17867 with a CVSSv3 severity score of 8.8, allows authentica...
The post discusses the vulnerabilities in Inteno routers related to CVE-2017-11361, specifically focusing on the inadequacy of recent fixes that removed certain access controls. It highlights how hackers can still exploit the juci...
The blog post discusses a security vulnerability found in Inteno routers due to misconfigured Access Control Lists (ACLs). This misconfiguration allows authenticated users to access and manipulate files, including adding SSH keys,...
The author reverse engineers the Creative Sound Blaster Katana V2X soundbar to enable Linux control, detailing the process of analyzing USB communication and firmware.
The blog post details the process of running Arch Linux with a full LXDE desktop environment on an Amazon Kindle, specifically the 8th generation model. It explains the prerequisites, including rooting the Kindle and setting up SS...
6.5Don't trust comments
2022-01-31 • programming security software vulnerability nim
The article discusses a security vulnerability in NimForum, a web application built using the Nim programming language. It highlights the use of reStructuredText (RST) for formatting, which includes a dangerous 'include' directive...
The author recounts their journey of reverse engineering an Äike electric scooter's app to regain control after the company's bankruptcy, uncovering significant security vulnerabilities in the process.
The author discusses their experience with the Xiaomi RedmiBook 16, highlighting its performance as a budget MacBook alternative, particularly its Linux compatibility. The main issue addressed is the lack of deep sleep functionali...
A creative exploration of solving Fossil SCM's ASCII art CAPTCHA through code golfing, showcasing various optimization techniques and the unique font used.
The article discusses the author's experience with the PinePhone's Quectel EG25-G modem, detailing how they unlocked ADB access to the modem and set up a lightweight HTTP server to host their blog. The author explores the modem's ...
The post details the process of running Arch Linux on an Inteno IOPSYS DG400 router, which is based on OpenWRT. The author discusses three main issues encountered: limited storage space, compatibility of ARM instructions, and memo...
The post discusses the development of iopshell, a custom application designed to simplify communication with IOPSYS (Inteno) devices. It highlights the challenges of using a custom WebSockets protocol and how iopshell addresses th...
The author reflects on their experience of hosting a blog on an LTE modem inside a PinePhone, detailing the challenges faced, including performance issues, bandwidth limitations, and the eventual failure of the device. They discus...
The post discusses how to view and reset the BIOS password on a Xiaomi RedmiBook 16 using a Linux session. It explains that both user and supervisor passwords are stored as plaintext in EFI variables, making them easily accessible...