Skip to content

Instantly share code, notes, and snippets.

@kaendfinger kaendfinger/ Secret
Created Jan 10, 2018

What would you like to do?

DSA / DGLux5 Vulnerability

The WebSocket connection for IoT data does not, in any way, secure access to internal methods to execute arbitrary commands on the host machine.

Although the function to execute an arbitrary command is marked insecure, it is still enabled by default.

Approximately 100 servers are currently exploitable to this flaw. No authentication is done by default. Custom exploits have been written.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.