Unauthenticated RCE on a RIGOL oscilloscope

The author works with custom electronic boards and has come across an oscilloscope with a web interface. Curious about the inner workings, they attempt to crack it open digitally. By extracting files and using emulation tools like qemu and chroot, they are able to launch and explore the web control application of the oscilloscope software. They then proceed to analyze the CGI programming in one of the binary files, and discover a command injection vulnerability that can be exploited through a simple curl command. The author concludes with a warning against exposing RIGOL oscilloscopes to the internet.

https://tortel.li/post/insecure-scope/

To top