Bypass rate limiting in TCL MW45AD to achieve privilege escalation | CVE-2024-25277
Intro
A story of CVE-2024-25277
A chain of design flaws in the source code makes it possible to bypass rate limiting and achieve privilege escalation by brute-forcing the login endpoint. First things first, let's understand the flaws in the sourc...
blog.maentechie.com | 3 min read