Pwnie Awards 2017

2020 Nomination for Best Server-Side Bug

Dabman & Imperial (i&d) - Multiple Vulnerabilities

Vulnerability-Lab, Benjamin K.M.

TELESTAR Bobs Rock Radio, Dabman D10, Dabman i30 Stereo, Imperial i110, Imperial i150, Imperial i200, Imperial i200-cd, Imperial i400, Imperial i450, Imperial i500-bt, and Imperial i600 TN81HH96-g102h-g102 devices have an undocumented TELNET service within the BusyBox subsystem, leading to root access. Present on over a million of iot radio devices. The number is unknown because mediayou firmware is embedded on a lot of cheap noname radios who will likely never be patched. Like my “Auna Connect 100.”

Dabman & Imperial (i&d) - Multiple Vulnerabilities, CVE-2019-13473 & CVE-2019-13474