priapus

@priapus@piefed.social

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨One-Click RCE in ASUS's Preinstalled Driver Software⁩ ⁨⁨1⁩ ⁨day⁩ ago⁩:

only applies to Windows (I think)

Well yeah, its a vulnerability in the windows software. Nothing they said implied otherwise.

and won't work without a permissions escalation.

I dont think thats true, could you explain why that would be? This article mentioned no need for a permissions escalation. In fact it seems that the RCE is automatically run as administrator by the driver process.
⁨Comment⁩ on ⁨40,000 Security Cameras Found Compromised Online.⁩ ⁨⁨5⁩ ⁨days⁩ ago⁩:
What this is talking about is not really about the brand or model, its just about them being misconfigured. These cameras were exposed to the internet with either default credentials or no authentication.

Theres very few good reasons to expose a camera to the internet at all, but if you need to, put some proper authentication in front of it.