/u/TheReedemer69
Source: reddit.com
Disclosure/write-up for CVE-2021-21735 affecting the ZTE ZXHN H168N V3.5. The issue is cataloged as information disclosure, but the useful part is the authorization failure: wizard handlers under the setup surface exposed PPPoE and WLAN material that should have required authent
Source: reddit.com
I wrote up an old OLX account takeover bug that started from a very small UI difference. After enough wrong OTP attempts, the page showed a “try again later” lockout message. That should have made every blocked submission look the same. But it didn’t. Wrong OTPs during lockou
Source: reddit.com
This started as a Zyxel VMG3625-T50B credential leak, but the affected scope later expanded across CPE, ONT, LTE, and 5G devices. A low-privileged router account could query Zyxel DAL endpoints and get back supervisor/admin account data, FTPS credentials, and TR-069 secrets in c
Source: reddit.com
CVE-2021-21735 looks like a basic information leak at first, but the interesting part is the chain. On the ZTE ZXHN H168N V3.5, setup/wizard routes exposed PPPoE and WLAN material that should have stayed behind the authenticated configuration boundary. In some ISP deployments, t
Source: reddit.com
I wrote up an old OLX account takeover bug where the interesting part was not that OTPs existed. It was that the lockout state still leaked whether the submitted OTP was correct. The flow looked blocked from the outside: wrong code → invalid code too many wrong codes → try ag
Source: reddit.com
I published a technical write-up on an old OLX account takeover issue. The core bug was an OTP correctness leak inside the rate-limit state. After repeated invalid OTP attempts, the application showed a lockout message. However, blocked submissions did not become response-equiv