InfoSec Blog

suidpit

Security Researcher and Penetration Tester at Shielder. Human, Chaotic Good. Disciple of Bushido & Disney.

CVE-2023-39238 - Asus Router Format String RCE

30/01/2024

Hunting for Unauthenticated n-days in Asus Routers

Notes on patch diffing, reverse engineering and exploiting CVE-2023-39238, CVE-2023-39239, and CVE-2023-39240.

12

Min

CVE-2023-33466 - Orthanc RCE

24/10/2023

CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files

A recently disclosed CVE for the Orthanc DICOM server can be used to obtain Remote Code Execution. As a PoC was not available, we wrote one.

8

Min