BlackMarble

Breaking & Entering with Zipato SmartHubs

Researcher Contact Information

Name Contact Role
Charles Dardaman @CharlesDardaman Reverse Engineered API
INIT_6 @INIT_3 Discovered Root SSH Key

Executive Summary

During the 0DAYALLDAY Research Event three vulnerabilities were discovered in the ZipaMicro Z-Wave Controller Model #:  ZM.ZWUS and the Zipabox Z-Wave Controller Model #: 2AAU7-ZBZWUS.  Two vulnerabilities are in

Continue Reading

Guardzilla IoT Video Camera Hard-Coded Credentials (CVE-2018-5560)

Researcher Contact Information

Name Contact Role
Nick McClendon nicklaus@kulinacs.com Dumped the firmware and extracted the binaries
Andrew Mirghassemi a.mirghassemi@live.com Dumped the firmware and extracted the binaries
Charles Dardaman @CharlesDardaman Found and Extracted the AWS Credentials from the Binaries
INIT_6 @INIT_3 Co-Founder of 0DayAllDay,
Continue Reading