Download our Latest Industry Report – Continuous Offensive Security Outlook 2026

Download Report

Category: Vulnerability Research

Relution Remote Code Execution via Java Deserialization Vulnerability

Figure 1: A diagram taken from the official Relution documentation outlines the architecture of the application when deployed on-premises.

Overview In this article we discuss a recent deserialization vulnerability we found in Relution (CVE-2023-48178), a mobile device management product that is popular among multinational German corporations. CVE-2023-48178 can potentially lead to remote code execution and complete compromise of the MDM application and clients managed by the solution. The deserialization vulnerability exists in a component […]

Understanding the Impact of the new Apache Struts File Upload Vulnerability

Introduction Recently researcher Steven Seeley discovered a way to abuse the popular Apache Struts frameworks’ file upload functionality to achieve remote code execution. This bug, known as CVE-2023-50164, has been assigned a 9.8 CVSS score. No doubt this is causing some security practitioners to have flashbacks of the “good times” that a serious Struts bug […]

SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability

Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we were looking at the list of available OVA appliances from SonicWall and identified the WXA appliance image was available for download. We decided […]

Analyzing the SonicWall Custom Grub LUKS Encryption Modifications

Overview Recently, we decided to perform some reverse engineering of the SonicWall NSv appliance to identify any potential remote code execution vulnerabilities within the appliance. During our initial analysis of a virtual machine image for the application, we discovered a customized LUKS encryption mechanism meant to hinder reverse engineering of the application. We were able […]

Technical Advisory: F5 BIG-IP Unauthenticated RCE Vulnerability, CVE-2023-46747

Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we discovered a vulnerability which can lead to unauthenticated remote code execution on F5 BIG-IP instances with the Traffic Management User Interface exposed. This […]