MeshHacks: Exploiting Linksys Intelligent Mesh from the internet
The days of hacking home routers are not over! Because every household that wants internet access at their house needs some kind of router. These could be a very interesting target as there are millions of devices in use with a direct connection to the internet. One might think that manufacturers should take extra care to make them as secure as possible, but apparently there is still room for improvement. A lot of room. This talk will show the accidental discovery of the most dangerous vulnerability type a device, especially a home router, can have: the unauthenticated remote code execution over the internet. It will not only focus on the technical part but also a practical example of how manufacturers should not respond to responsible disclosure. Be curious about non existing input validation resulting in various outcomes, a lot of "Wait... what?" moments and the difficulties of responsible disclosure.
Presented at Security Fest 2026.
Speaker: Christian ZäskeAbout Christian Zäske
Christian Zäske is an IT security consultant for the pentest company SySS GmbH located in Germany. By starting his Bachelor's degree in computer science in cooperation with SySS GmbH in 2020, he turned his hobby into his profession: Security research. Being passionate about embedded security, he specialized in analysing hardware of various types. From tiny hearing aids to full size EV charging stations.
