Blog

STAR LABS SG PTE. LTD. (STAR Labs) announced today that it has become a CVE Numbering Authority (CNA) for the Common Vulnerabilities and Exposures (CVE®) system, a global cybersecurity community. As a CNA, STAR LABS is authorized to assign CVE Identifiers（CVE IDs）to newly discovered vulnerabilities and publicly disclose information about these vulnerabilities through CVE Records. Identifying vulnerabilities with CVE IDs can speed up the awareness and understanding of those vulnerabilities, enabling security researchers and system managers to expedite solutions....

Background Lately, my focus has been on discovering any potential vulnerabilities in KEPServerEX. KEPServerEX is the industry’s leading connectivity platform that provides a single source of industrial automation data to all your applications. Users can connect, manage, monitor, and control diverse automation devices and software applications through one intuitive user interface. This software employs multiple anti-debugging measures, making it challenging to discover any vulnerabilities and performing fuzzing on it. In this regard, I would like to share my perspective on the issue and my strategy for circumventing these measures....

Introduction In this post, one of our recent intern, Wang Hengyue (@w_hy_04) was given the task to analyse CVE-2021-20617 & CVE-2021-20618 in acmailer since there isn’t any public information on it. Today, we’ll be sharing his journey in dissecting the vulnerabilities in acmailer. Both vulnerabilities were originally found by ma.la acmailer is a Perl-based email delivery application that provides functionality centered around sending mass emails, with associated functions such as registration and unregistration forms, surveys, and email templating....

As part of my internship at STAR Labs, I conducted n-day analysis of CVE-2020-6418. This vulnerability lies in the V8 engine of Google Chrome, namely its optimizing compiler Turbofan. Specifically, the vulnerable version is in Google Chrome’s V8 prior to 80.0.3987.122. In this article, I will give a step-by-step analysis of the vulnerability, from the root cause to exploitation. Background In JavaScript, objects do not have a fixed type. Instead, V8 assigns each object a Map that reflects its type....

Background Some time ago, we were playing with some Netgear routers and we learned so much from this target. However, Netgear recently patched several vulnerabilities in their RAX30 router firmware, including the two vulnerabilities in the DHCP interface for the LAN side and one remote code execution vulnerability on the WAN side which we prepared for Pwn2Own Toronto 2022. This blog post focuses on the vulnerabilities found in version 1.0.7.78You can download the firmware from this link, and easily extract the firmware by using binwalk....

Introduction CVE-2021-38003 is a vulnerability that exists in the V8 Javascript engine. The vulnerability affects the Chrome browser before stable version 95.0.4638.69, and was disclosed in October 2021 in google’s chrome release blog, while the bug report was made public in February 2022. The vulnerability will cause a special value in V8 called TheHole being leaked to the script. This can lead to a renderer RCE in a Chromium-based browser, and has been used in the wild....

Background Proxmox Virtual Environment (Proxmox VE or PVE) is an open-source type-1 hypervisor. It includes a web-based management interface programmed in Perl. Another Proxmox product written in Perl, Proxmox Mail Gateway (PMG), comes with a similar web management interface. They share some of the codebases. In this article, I will introduce how to debug PVE’s web service step-by-step and analyse three bugs I have found in PVE and PMG. [UPDATE] This is a quick and minor update to this blog post....