|
|
|
|
|
|
by pixl97
1487 days ago
|
|
|
Ok, you have a site with signed firmware downloads. I mean, they are signed securely right? A user messing with the stream can only send you another signed firmware the device takes, and not anything they attempt to create (unless they guess your signing key somehow). But, you make a mistake in firmware version XYZ and there is an RCE in it. So you pull it off your site and now XZZ is the latest version. Only problem is, anyone that can MITM you can serve version XYZ that the client will accept and make the machine exploitable by an RCE. |
|
|