CVE-2022-47036 & CVE-2022-47037 - Siklu TG Series - Unauthenticated Credential Disclosure and Static Root Credentials
Investigation
Whilst performing a security review of the Siklu TG series of devices, I encountered an interesting behaviour that would allow the “access point” (DN) to have full control of its “stations” (CN) without any authentication.
Further investigation of this behaviour revealed the Clixon backend process with an IPv6 binding on TCP 1277...
CVE-2022-44565 - UBNT AirOS - Improper Access Validation
Kicking off the new year, is my first offical bug bounty and CVE that was reported early last year.
Vulnerability
Whilst investigating the available API endpoints on the UBNT AirMAC AC devices, it appeared a bug was introduced that disabled the access validation if a trailing / was added to the URI for the various API endpoints.
This impacts ...
We are back!
After a very long time, I have decided to start the blog again! 
Much has changed since the previous blog, InsomniaX has long since been retired along with the various other Mac utilities.
The original blog was started when I was still in high school, and over the time since then I have found my self in all aspects of technology from bas...
Much has changed since the previous blog, InsomniaX has long since been retired along with the various other Mac utilities.
The original blog was started when I was still in high school, and over the time since then I have found my self in all aspects of technology from bas...