jilleb / mib2-toolbox

The ultimate MIB2-HIGH toolbox.
MIT License
617 stars 145 forks

Using WiFi DLNA as an entrypoint #40

Closed zeppardev closed 4 years ago

zeppardev commented 4 years ago

Hey, I realized that all MIB2High units have a DLNA service working on port 49152 which is based on https://github.com/plutinosoft/Platinum and I was thinking of fuzzing the binary to find a vuln.

I know that this isn't an issue, just didn't know how else to contact you. Please hit me up on yal (at) tuta.io

jilleb commented 4 years ago

Thanks. Good idea. This was actually my first attempt at getting a point of entry, a few years ago. I didn't find any vulnerabilities within the DLNA service. It's easier to just update the PF configuration by POI update, to open up telnet on the internal wireless network.

aes31 commented 4 years ago

WiFi connection didn’t work on Skoda mib 2,5 1440, only dlink has connected by telnet.

zeppardev commented 4 years ago

Did you try fuzzing it with ufuzz in a virtual machine?

Feb 8, 2020, 13:55 by notifications@github.com:

> Thanks. Good idea. This was actually my first attempt at getting a point of entry, a few years ago. I didn't find any vulnerabilities within the DLNA service. It's easier to just update the PF configuration by POI update, to open up telnet on the internal wireless network.


zeppardev commented 4 years ago

@aes31 You need to connect your PC to the WiFi hotspot to be able to access the DLNA service on port 49152.

Feb 9, 2020, 00:44 by notifications@github.com:

> WiFi connection didn’t work on Skoda mib 2,5 1440, only dlink has connected by telnet.


jilleb commented 4 years ago

> Did you try fuzzing it with ufuzz in a virtual machine?

That sounds like a great idea. No, I didn't do that yet. Really curious about your results! Would be quite scary if it's vulnerable, because there are a lot of MIB2s connected to the web with DLNA port open on the external interface 😨

zeppardev commented 4 years ago

@jilleb Most ISPs are filtering port 49152 so it wouldn't really have that large of an impact.

Would you mind contacting me using Telegram or a similar messenger?