If you want to practice writing exploits and worms, there’s a big hijacking hole in SonicWall firewall VPNs

A critical vulnerability in a SonicWall enterprise VPN firewall can be exploited to crash the device or remotely execute code on it, reverse engineers said this week. The stack-based buffer overflow (CVE-2020-5135) uncovered by infosec outfit Tripwire can be triggered by an “unauthenticated HTTP request involving a custom protocol handler” – and, most worryingly, could have been deployed by an “unskilled attacker.” The biz said about 800,000 devices were discoverable through device search engine Shodan.io at the time it made its findings, which are lightly detailed on its blog.

Read full article on The Register