https://twitter.com/marver/status/871679588518293505

During a recent penetration test for a customer, Claus and I noticed a Peplink router web interface exposed to the Internet. While I noticed an XSS (CVE-2017-8839) Claus spotted strange behavior with an overly long bauth cookie. This peaked our interest of course. The next logical step was to fingerprint the device, to get to know more about the specific model and firmware version.[…]