Christoffer Claesson

Results 6 comments of Christoffer Claesson

![circuitboard](https://user-images.githubusercontent.com/14073684/114299720-28dcfd80-9abd-11eb-8f68-6aee2454b432.jpg) Here you go @zl2rob

Suggest to re-open this issue as the suggested fix does not in fact fix the arbitrary file upload vulnerability. Tested on a clean install of the updated program which contain...

Agreed that the server should run behind a Zerotier network, and preferably with SSL to protect the users etc. Though even if this is tested on the _non_ SSL port,...

Again I'd beg to differ, so please correct me where I am wrong! I did follow the installation guide in the documentation. Prompting for the "first start" I pressed enter...

Since the SSL DP Service uses the same API call it is still vulnerable! I just used the TCP DP port for brevity's sake as you can make simple PoCs...

I mean, will there be a patch in 1.9.9 for input sanitization? The issue is not an authorization issue, but that's cool it is now requiring cert based auth for...