Jincheng Wang (@winmt), an undergraduate student majoring in Information Security at Nanjing University of Posts and Telecommunications. I got into binary security in college, and initially I was a Pwn player on the X1cT34m team and the SU team in CTF competitions. Currently, I am interested in IoT security, software security and artificial intelligence. Starting in the second half of 2023 (the first semester of my junior year), I took a break from security studies and began working towards a postgraduate qualification. Wish me luck!
In the first half of 2023, I independently discovered more than 60 vulnerabilities in IoT devices, all of which were authorized by CNVD or CVE, and most of them were at a risk level of high or higher.
Among them, more than ten vulnerabilities listed below have been publicly acknowledged by international mainstream manufacturers. Additionally, I was also inducted into the Hall of Fame from both ASUS and Zyxel.
- Ruijie Networks ReyeeOS Unauthorized RCE vulnerability CVE-2023-34644 and the vulnerability covers routers, switches, wireless access points, wireless access controllers, etc.
- Cisco RV34x Series Unauthorized File Upload vulnerability CVE-2023-20073 and the vulnerability is considered by TOP10VPN to be one of the three most critical VPN vulnerabilities in 2023.
- Cisco RV0xx, RV32x Series Remote Command Execution vulnerabilities: CVE-2023-20117 & CVE-2023-20128 and CVE-2023-20118
- Xiaomi AX9000 Router Command Injection vulnerabilities: CVE-2023-26315 and [another has not yet been disclosed]
- Zyxel NBG6604 Router Command Injection vulnerability: CVE-2023-33013
- ASUS Several devices have multiple Remote Command Execution vulnerabilities: CVE-2023-38031 & CVE-2023-38032 & CVE-2023-38033 & CVE-2023-39236 & CVE-2023-39237
From 2022 to 2023, I participated in many competitions and won some honors. Some of them are listed below.
- 2023 "Raopai Cup" XCTF Internet of Vehicles Security Challenge Competition, Finals, Special Prize (Champion)
- The 7th XCTF International Cyber Attack and Defense Competition, Finals, First Prize
- The 16th National College Student Information Security Competition (CISCN) - Work Competition, Finals, First Prize (Command Injection Vulnerability Detection Technology Based on Att-BiLSTM)
- The 15th National College Student Information Security Competition (CISCN) - Innovative Practice Ability Competition, Semi-finals, Northern Part of East China Division, First Prize (Champion)
- XCTF SUSCTF-2022 Sub-station Competition First Prize (Champion) & ACTF-2022 Sub-station Competition First Prize
- The 15th National College Student Information Security Competition (CISCN) - Innovative Practice Ability Competition, Finals, Second Prize
- The 5th "QIANGWANG" International Elite Challenge On Cyber Mimic Defense, Finals, Second Prize