#opentrafficmap #v2x anyone succeed to have v2x signals in France ? I probably have a reduced spectrum cheap antenna.
@lhanneus
- 13 Followers
- 45 Following
- 67 Posts
Find us at #gpn24 to do the Make your own Birdnet mic extension board as a Worshop (sign up on place), on friday or saturday at 16:00 ! https://github.com/lhanneus/bird_ai_pcb
Find us at #gpn24 to do the Grow your own bioluminescent bacteria as a Worshop (sign up on place) or as a DIY kit, on friday or saturday at 14:00 !
sashI found that crafted #MeshCore node names could compromise #HomeAssistant instances running meshcore-card, with an XSS leading to remote root access on the HA host. An attacker could then access anything controlled or visible through Home Assistant. The attacker doesn't need to be near the target, as MeshCore advertisements are repeated over the mesh, which is dense in NL.
This also affects around 20 public MeshCore analyzer websites. Some of those run CoreScope, where it looks like a vibecoding bot broke the XSS filter while hallucinating a bugfix. The analyzers are mostly public data though. In addition, the less popular MeshCore-Home-Assistant-Panel-v2 is likely also affected, but I was unable to make contact with the maintainer.
MeshCore node names are only 32 bytes, and each rendered in a different place in the page, so I had to be creative to run a more substantial payload. I found a way with three node names using an iframe feature I never heard of before.
