Some code is so bad it deserves to be buried thousands of feet underground with a sign above reading: "nothing valued is here, what is here was dangerous and repulsive to us"

Using system("echo") to create a text file ... using user-generated input. No words.

"Unauthenticated RCE on a RIGOL oscilloscope"

https://tortel.li/post/insecure-scope/

I work in a company that uses custom electronic boards, so there are plenty of instruments floating around that electrical engineers employ to debug faulty connections and solderings. One kind of tool used is the oscilloscope, a tool that measures signals and plots them in a graphically understandable way. We have a bunch of them, yet only one model in particular caught my attention, because it has a web interface! I was super curious so I decided to try and (digitally) crack it open.
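The anti-pattern named in the post, next to a shell-free replacement, as an added example that is not part of the original thread and not code from the oscilloscope firmware. The function names, the command layout and the sample input are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Anti-pattern (hypothetical reconstruction): the text is pasted into a
 * shell command line, so the shell interprets any quotes, `;`, `$()` or
 * backticks it contains. Shown for contrast only; main() never calls it. */
int save_text_unsafe(const char *path, const char *text)
{
    char cmd[512];
    snprintf(cmd, sizeof cmd, "echo \"%s\" > %s", text, path);
    return system(cmd);
}

/* Hardened form: no shell is involved, the bytes are written verbatim.
 * Assumes `path` is chosen by the program, never by the request. */
int save_text_safe(const char *path, const char *text)
{
    size_t len = strlen(text), off = 0;
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    while (off < len) {                 /* handle short writes */
        ssize_t n = write(fd, text + off, len - off);
        if (n < 0) { close(fd); return -1; }
        off += (size_t)n;
    }
    return close(fd);
}

/* Read the file back so the caller can compare it with the input. */
long read_back(const char *path, char *buf, size_t cap)
{
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t n = fread(buf, 1, cap - 1, f);
    buf[n] = '\0';
    fclose(f);
    return (long)n;
}

int main(void)
{
    /* Constructed input full of shell metacharacters. */
    const char *input = "ch1\"; $(date) `date` > x #";
    char buf[128];
    if (save_text_safe("label.txt", input) != 0) return 1;
    read_back("label.txt", buf, sizeof buf);
    printf("stored verbatim: %s\n", strcmp(buf, input) == 0 ? "yes" : "no");
    return remove("label.txt");
}
```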

@philpem “conclusion: do not expose your Rigol scopes to the internet.”
Oh, if you’re doing that you probably have much bigger problems.