TrendAI Zero Day InitiativeWell that's a first. @ScepticCtf, @diff_fusion), & @SeTcbPrivilege of fuzzware.io used a power drill to gain access to a port and exploit the Autel MaxiCharger. They head off to explain their work - except for the drill - we understand that part. #P2OAuto
Confirmed! After accessing an open port via power drill, the fuzzware.io team leveraged a stack-based buffer overflow on the Autel MaxiCharger. Their second round win nets them $25,000 and 5 Master of Pwn points. #P2OAuto
diff_fusion@thezdi Das ding ist quasi offen! https://www.youtube.com/watch?v=PVhYhLQ4Y64
