CVE-2019-9194: Triggering and Exploiting a 1-day vulnerability

Prologue Often times it’s hard looking for exploits linked to certain CVE’s, they’re near impossible to find, and they usually don’t have a PoC about the vulnerability. Recently, a Command Injection vulnerability was reported in elFinder, which affects most versions up to 2.1.47. The vulnerability is identified as CVE-2019-9194. It was reported by Thomas Chauchefoin and […]


Exploiting Routers: Just Another TP-Link 0-Day

INTRODUCTION In this post, I will be discussing our recent finding (CVE-2018-16119) while conducting vulnerability research on a home router: TP-Link’s WR1043ND home WiFi router. This post is a walkthrough to the steps taken to identify the vulnerability and how it can be exploited to gain remote code execution in the device. THE DEVICE The […]

2FA Authentication

Behind the Scenes: Bypassing 2FA Authentication

So, you know what 2FA is, right? Well, the hard theory says: ‘Authentication is understood as the procedure to ensure that a person is who he claims to be’. DISCLAIMER: In this blogpost, SecSignal supposes that via different attack vectors, The Assessment Team already has the credentials

Who hit you? Hacking license plates

This case is about a traffic accident, the team it will use a random license plate for this post in explicative mode. The license plate to use will be JMO 089 The initial question? Is there a system that allows to request the data and status of a vehicle that is actually on the road? […]