This is a video to accompany a write-up I did regarding several vulnerabilities present in the windows version of BPQ32, a popular packet radio BBS software. The vulnerability, CVE-2024-34087 is in reference to a SEH based buffer overflow that leads to an RCE (Remote Code Execution). The video details the proof of concept published on my blog, and shows how any windows computer running bpq32 that has exposed telnet or HTTP ports can be used to gain control of the computer.
The write up can be found here:
https://themodernham.com/bbs-hacking-discovering-rce-within-bpq32-seh-based-buffer-overflow/
Link to the NVD Listing:
https://nvd.nist.gov/vuln/detail/CVE-2024-34087
How to Secure your BPQ32 Instance:
https://themodernham.com/how-to-secure-your-packet-bbs-bpq32-or-linbpq-instance/
Beta (Patch) Downloads:
https://www.cantab.net/users/john.wiseman/Downloads/Beta/
This video is for educational purposes, and was made to bring awareness to security problems affecting the amateur radio community. Thank you to John Wiseman, creator of BPQ32 for being attentive to the problem.
00:00 Intro
01:10 Disclosure
2:26 Patching
04:00 Warnings
08:20 Exploit Setup
12:05 Exploit Explanation
14:40 POC Walkthrough
18:50 Demonstration
22:10 How to Protect Yourself
29:20 Outro
★★★ IMPORTANT LINKS★★★
✅Follow My Instagram
https://www.instagram.com/modernham/
✅Follow My Twitter
https://twitter.com/HamModern
⚡ Join the ModernHams Discord: ⚡
https://discord.gg/EbP9dTMrTU
