As I don’t have a CTF team of my own yet, I decided to join the John Hammond Discord Server team. As I am new to the team, I started tackling challenges on my own at first. I was able to successfully solve 6 challenges by myself, all related to my strongest skill in web exploitation and programming. This post is just to summarize things I have learned from this CTF.
CVE-2020-27685 - Teradek devices upgrade Remote Code Execution

The endpoint used to upgrade a Teradek device has an option to pass along an HTTP URL from which to download the firmware. The upgrade endpoint performs a curl/wget request without sanitizing the HTTP URL being provided. On Teradek devices you can set up a login feature so that only authenticated users can upgrade, but by default it’s not enabled. Originally disclosed to Teradek on October 18th 2019 at 9:53 AM EST.