winmt Goto Github PK

Jincheng Wang(@winmt) , an undergraduate student majoring in Information Security at Nanjing University of Posts and Telecommunications. I was the Pwn player from X1cT34m team and SU team in CTF competition. Currently, I am interested in IoT security, software security and artificial intelligence.

In 2023, I independently discovered more than 60 vulnerabilities in IoT devices, all of which were authorized by CNVD or CVE.

Among them, more than ten vulnerabilities listed below have been publicly acknowledged by international mainstream manufacturers. Additionally, I was also inducted into the Hall of Fame from both ASUS and Zyxel.

• Ruijie Networks ReyeeOS Unauthorized RCE vulnerability CVE-2023-34644 and the vulnerability covers routers, switches, wireless access points, wireless access controllers, etc.

• Cisco RV34x Series Unauthorized File Upload vulnerability CVE-2023-20073 and the vulnerability is considered by TOP10VPN to be one of the three most critical VPN vulnerabilities in 2023.

• Cisco RV0xx, RV32x Series Remote Command Execution vulnerabilities: CVE-2023-20117 & CVE-2023-20128 and CVE-2023-20118 .

• Xiaomi AX9000 Router Command Injection vulnerabilities: CVE-2023-26315 and [another has not yet been disclosed]

• Zyxel NBG6604 Router Command Injection vulnerability: CVE-2023-33013

• Several ASUS devices have multiple Remote Command Execution vulnerabilities: CVE-2023-38031 & CVE-2023-38032 & CVE-2023-38033 & CVE-2023-39236 & CVE-2023-39237

From 2022 to 2023, I participated in many competitions and won some honors. Some of them are listed below.

• 2023 "Raopai Cup" XCTF Internet of Vehicles Security Challenge Competition, Finals, Special Prize (Champion)

• The 16th National College Student Information Security Competition(CISCN) — Work Competition, Finals, First Prize (Command Injection Vulnerability Detection Technology Based on Att-BiLSTM)

• The 15th National College Student Information Security Competition(CISCN) — Innovative Practice Ability Competition, Semi-finals, Northeast China Division, First Prize (Champion)

• The 7th XCTF International Competition, Finals, First Prize

• The 7th XCTF SUSCTF Sub-station Competition First Prize (Champion) & ACTF Sub-station Competition First Prize

• The 15th National College Student Information Security Competition(CISCN) — Innovative Practice Ability Competition, Finals, Second Prize

• The 5th "QIANGWANG" International Elite Challenge On Cyber Mimic Defense, Finals, Second Prize