Rediscovery of NetUSB Vulnerability in Broadband Routers

Figure 1 Connecting UART connections to the target device

Recently NewSky Security Labs performed white-box testing on a Netgear networking product, the R6050 model. During our investigation into the system, we found an exploitable vulnerability in the NetUSB module present in the system. NetUSB is a proprietary technology developed by the Taiwanese company KCodes, intended to provide “USB over IP” functionality. NetUSB is included in…

Popular anonymous SNS app leaking user id, geo location, etc

The following blog post describes a popular anonymous SNS app in China, pyyx, which leaks its user details such as user id and geolocation in its APIs. Given the leak, a simple web-app can expose the identity of the user who commented or chatted anonymously. The post is composed in Chinese to benefit its major…