this post was submitted on 04 Jun 2024
115 points (96.0% liked)

Technology

59206 readers
2539 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
115
Hacking Millions of Modems (and Investigating Who Hacked My Modem) (samcurry.net)
submitted 5 months ago* (last edited 5 months ago) by moira@femboys.bar to c/technology@lemmy.world
9 comments fedilink hide all child comments
 

This article is a great example why you should use your own router instead of ISP provided one

you are viewing a single comment's thread
view the rest of the comments
[–] moira@femboys.bar 2 points 5 months ago

It doesn't matter that website loads javascript code for logged in user, as you need a token (which server will give you after a successful login) to authenticate to apis, it is pretty common to do that way

There wasn't a client side API, but the API was missing crucial validation of user input (eg only checking the mac address but didn't check who is actually authenticated)