Jincheng Wang(@winmt) , an undergraduate student majoring in Information Security at Nanjing University of Posts and Telecommunications. I was the Pwn
player from X1cT34m
team and SU
team in CTF competition. Currently, I am interested in IoT security, software security and artificial intelligence.
In 2023, I independently discovered more than 60 vulnerabilities in IoT devices, all of which were authorized by
CNVD
orCVE
.
Among them, more than ten vulnerabilities listed below have been publicly acknowledged by international mainstream manufacturers. Additionally, I was also inducted into the Hall of Fame from both ASUS and Zyxel.
-
Ruijie Networks ReyeeOS Unauthorized RCE vulnerability CVE-2023-34644 and the vulnerability covers routers, switches, wireless access points, wireless access controllers, etc.
-
Cisco RV34x Series Unauthorized File Upload vulnerability CVE-2023-20073 and the vulnerability is considered by TOP10VPN to be one of the three most critical VPN vulnerabilities in 2023.
-
Cisco RV0xx, RV32x Series Remote Command Execution vulnerabilities: CVE-2023-20117 & CVE-2023-20128 and CVE-2023-20118 .
-
Xiaomi AX9000 Router Command Injection vulnerabilities: CVE-2023-26315 and [another has not yet been disclosed]
-
Zyxel NBG6604 Router Command Injection vulnerability: CVE-2023-33013
-
Several ASUS devices have multiple Remote Command Execution vulnerabilities: CVE-2023-38031 & CVE-2023-38032 & CVE-2023-38033 & CVE-2023-39236 & CVE-2023-39237
From 2022 to 2023, I participated in many competitions and won some honors. Some of them are listed below.
-
2023 "Raopai Cup" XCTF Internet of Vehicles Security Challenge Competition, Finals, Special Prize (Champion)
-
The 16th National College Student Information Security Competition(CISCN) — Work Competition, Finals, First Prize (Command Injection Vulnerability Detection Technology Based on Att-BiLSTM)
-
The 15th National College Student Information Security Competition(CISCN) — Innovative Practice Ability Competition, Semi-finals, Northeast China Division, First Prize (Champion)
-
The 7th XCTF International Competition, Finals, First Prize
-
The 7th XCTF SUSCTF Sub-station Competition First Prize (Champion) & ACTF Sub-station Competition First Prize
-
The 15th National College Student Information Security Competition(CISCN) — Innovative Practice Ability Competition, Finals, Second Prize
-
The 5th "QIANGWANG" International Elite Challenge On Cyber Mimic Defense, Finals, Second Prize