Hacking Millions of Modems (and Investigating Who Hacked My Modem) - eviltoast

This article is a great example of why you should use your own router instead of an ISP-provided one

  • moira@femboys.bar (OP)
    5 months ago

    It doesn’t matter that the website loads JavaScript code for a logged-in user, as you need a token (which the server will give you after a successful login) to authenticate to the APIs; it is pretty common to do it that way

    There wasn’t a client-side API, but the API was missing crucial validation of user input (e.g. only checking the MAC address but not checking who is actually authenticated)
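
Added example, not part of the comment above and not the ISP's code: a server-side handler that validates only the MAC address, next to one that also ties the device to the account behind the token. The session table, device table, function names and the reading that the flawed API accepts any valid token are all assumptions made for illustration.

```python
# Constructed data: token -> account (issued by the server after login)
SESSIONS = {"tok-alice": "acct-1", "tok-bob": "acct-2"}
# Constructed data: MAC address -> owning account
DEVICES = {"aa:bb:cc:00:00:01": "acct-1", "aa:bb:cc:00:00:02": "acct-2"}


class ApiError(Exception):
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


def normalize_mac(mac):
    """Canonicalise so 'AA-BB-..' and 'aa:bb:..' refer to the same device."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ApiError(400, "malformed MAC address")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def account_for(token):
    """Resolve a session token to its account, or fail with 401."""
    account = SESSIONS.get(token)
    if account is None:
        raise ApiError(401, "invalid or missing token")
    return account


def update_device_flawed(token, mac, settings):
    """Validates the MAC only; the caller is never compared to the owner."""
    account_for(token)  # proves someone is logged in, nothing more
    mac = normalize_mac(mac)
    if mac not in DEVICES:
        raise ApiError(404, "unknown device")
    return {"mac": mac, "applied": settings}


def update_device_checked(token, mac, settings):
    """Same request, but the device must belong to the authenticated account."""
    account = account_for(token)
    mac = normalize_mac(mac)
    owner = DEVICES.get(mac)
    # Same 404 for "not found" and "not yours" so ownership is not disclosed.
    if owner is None or owner != account:
        raise ApiError(404, "unknown device")
    return {"mac": mac, "applied": settings}
```
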