A detailed post on how Daniel Eshetu chained 3 vulnerabilities (A path traversal (CVE-2021-45968), an SSRF in an external piece of software (CVE-2021-45967) and a post-authentication RCE (CVE-2021-45966)) into a full pre-auth RCE in 🇩🇪 Pascom (pascom.net) Cloud phone system. #vuln #devices #phone #cloud #telecom #informatique

https://kerbit.io/research/read/blog/4