

Shiny Old VxWorks Vulnerabilities - VeXocide
http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html

======
a2tech
Very interesting-its hard to believe that an embedded device manufacturer
would release a device with debugging enabled and baked in-when I worked in
industrial embedded electronics there was no way to dump the memory across the
network (well you could read/write bits in memory using a backdoor that was
implemented for setting the serial number but you had to poke the bytes in the
right order and it only triggered a function builtin to the firmware to write
to NVRAM..)

~~~
arethuza
That's right, nobody would ever do anything like echoing everything you type
to a command shell or anything:

<http://www.zdnet.com/blog/burnette/worst-bug-ever/680>

:-)

~~~
a2tech
Oh I had forgotten about that. Haha

