_                        
    | |                       
    | |__   __ _  ___ ___     
    | '_ \ / _` |/ __/ _ \    
    | | | | |_| | |_|  __/    
  __|_| |_|\__,_|\___\___|__  
 / _|             | |   / _ \ 
| |_ _ __ ___  ___| | _| |/  |
|  _| '__/ _ \/ __| |/ /  /| |
| | | | |  __/\__ \   <| |_| |
|_| |_|  \___||___/_|\_\\___/

Recent Posts

TP-Link Tapo c200 Camera Unauthenticated RCE (CVE-4045-2021)

17 minute read

Published:

Hello there. Today I would like to share with you my first CVE, which corresponds to a command injection vulnerability found a couple months ago in the TP-Link Tapo c200 camera, that allows an attacker to take full control of the device with root privileges. It was assigned CVE-2021-4045 by the INCIBE, and you can check the official advisory here. The vulnerability affects all firmware versions prior to...

LiquidJS SSTI to Arbitrary File Read

6 minute read

Published:

Hello there. I have been thinking about starting a cybersecurity blog since the last few months, in order to share my learning process and my experiences as a beginner in this field and contribute to the community. I have finally decided to do it, and I thought it would be great to start by writing about my first bug bounty, which I earned a couple of months ago. Since the...