IoT PenTesting: How I Was Able to Hack Over 10,000 Uniway Routers!

IoT PenTesting: How I Was Able to Hack Over 10,000 Uniway Routers! | 2024

Рет қаралды 2,563

Күн бұрын

Note: This video is only for educational purpose.
🔥 In this eye-opening video, I dive deep into the world of cybersecurity to uncover a zero-day vulnerability in Uniway routers that allowed me to take control of over 10,000 accounts. I'll take you step-by-step through my discovery process, showing you exactly how the exploit works and the implications it has on network security.
🛡️ Plus, I share essential tips on how to safeguard your devices against similar vulnerabilities. Whether you're a tech enthusiast, a cybersecurity student, or just curious about how digital security is breached and defended, this video is a must-watch!
Website: bepractical.tech
Telegram: telegram.me/be...
Previous Video: • Bug Bounty: How Develo...
The Art Of Web Reconnaissance:
www.udemy.com/...
Hacking Windows with Python from Scratch: www.udemy.com/...
The Ultimate Guide to Hunt Account Takeover:
www.udemy.com/...

Пікірлер: 28

@BePracticalTech 4 ай бұрын

CVE Link: vuldb.com/?id.249766

@MianHizb 4 ай бұрын

Bro dont clickbait, you didnt address so many issues. 1) an attacker needs to be on the same network to hack the router 2) This is common in alot of routers bcz they assume others cant access your ip and requests the way you copy/paseted them. I agree its a vulnerability but bro the title says otherwise, i was expecting remote access through some zero day enabling it.

@BePracticalTech 4 ай бұрын

Hi, It is actually very easy to get the local ip address of the authenticated machine by using any tools like nmap etc. Therefore, it is considered as critical vulnerability by vulndb. Link: vuldb.com/?id.249766

@syedusman7056 4 ай бұрын

@@BePracticalTechfor that you have to be connected right? You should be in the same network?

@GiQQ 4 ай бұрын

@@syedusman7056yeah it's pretty clickbaitish. You'd have to infiltrate a network first in order to exploit this. Probability is low, therefore in no way classified as critical. Cool bug nonetheless.

@anonymzzz 4 ай бұрын

@@BePracticalTechbut how can a hacker get request that the logged user did on login time ?

@Mephonly 4 ай бұрын

I'm guessing you have to either own a similar router or you can search up a video of someone logging into their uniway router and you can probably get the URL from there@@anonymzzz

@BugbountyPOCs41 4 ай бұрын

🎉❤ Quality content ngl

@comosaycomosah 4 ай бұрын

congrats on your subs bro! you make good videos!

@letshack05 4 ай бұрын

I need to ask few questions. 1. To spoof you used the netmask and gateway along with the ip of authenticated user, so in a network as per my knowledge we can get the ip address only and how will we know who is the authenticated user among many? 2. According to this tutorial, we need intercepted request and spoof ip to access admin panel, but how do we get this request? MITM also most likely fail in this case because it isn't necessary that the user is logging in while we are in.