CVE-2021-0326 PoC — wpa_supplicant 缓冲区错误漏洞

Source

Associated Vulnerability

Title:wpa_supplicant 缓冲区错误漏洞 (CVE-2021-0326)
Description:wpa_supplicant是一款跨平台的WPA请求程序。该程序支持WEP、WPA和WPA2等。 wpa_supplicant 存在缓冲区错误漏洞，该漏洞可能使本地恶意应用程序绕过用户交互要求，以访问其他权限。

Description

Skeleton (but pronounced like Peloton): A Zero-Click RCE exploit for CVE-2021-0326

Readme

# Skeleton (but pronounced like Peloton)

A Zero-Click RCE exploit for CVE-2021-0326 on the Peloton Bike 

And also every other unpatched Android Device 

PoC requires ASLR to be disabled.

Associated blog post: https://www.nowsecure.com/blog/2022/02/09/a-zero-click-rce-exploit-for-the-peloton-bike-and-also-every-other-unpatched-android-device/

![diagram of exploit](eloop.svg)

File Snapshot


 [4.0K]  /data/pocs/b71f82f1a2df8538d22d5cdcc9db5d956c81afbe
├── [ 56K]  eloop.svg
├── [2.1K]  helper.js
├── [2.0K]  p2pcrash.py
├── [ 381]  README.md
├── [4.2K]  skeleton32.py
└── [4.2K]  skeleton.py

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!