Published On Jul 21, 2021
In this short video we show you how we discovered and used a backdoor in Arlo Q Plus to gain a root access to a device.
1. We identified the UART console
2. Dumped the NAND firmware
3. Found and cracked hardcoded SSH root account
4. Discovered a special operation mode to enable SSH
The vulnerability was disclosed to the vendor via ZDI (ZDI-21-683) and tracked under CVE-2021-31505.
Advisory: https://www.zerodayinitiative.com/adv...
Fixed version: VMC3040S: 1.9.0.8_199_3707910 (according to Arlo, we didn't test the fix)
Did you enjoy this video? Then follow us on Twitter, and subscribe to our channel for more awesome hacking videos.
Learn tricks and techniques like these, with us, in our amazing training courses!
https://flashback.sh/training
~ Flashback Team
https://flashback.sh
/ flashbackpwn
