acecilia/OpenWRTInvasion

May not work with 3.0.23 of miwifi 4c

Kinuseka opened this issue · 3 comments

Shows successful process but cannot connect to ssh/telnet/ftp

```
python3 remote_command_execution_vulnerability.py
Router IP address [press enter for using the default 'miwifi.com']:
Xiaomi router not found...
You need to get the stok manually, then input the stok here: eeeeb4238c47e03055929549ffdd527b
There two options to provide the files needed for invasion:
   1. Use a local TCP file server runing on random port to provide files in local directory `script_tools`.
   2. Download needed files from remote github repository. (choose this option only if github is accessable inside router device.)
Which option do you prefer? (default: 1)2
****************
router_ip_address: miwifi.com
stok: eeeeb4238c47e03055929549ffdd527b
file provider: remote github repository
****************
start uploading config file...
start exec command...
done! Now you can connect to the router using several options: (user: root, password: root)
* telnet miwifi.com
* ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -o UserKnownHostsFile=/dev/null root@miwifi.com

ssh: connect to host miwifi.com port 22: Connection refused
```

UPDATE:

I downgraded my router (mi router 4c) to 2.14.75 and the exploit now works properly.

Link for the ROM: https://mirom.ezbox.idv.tw/en/miwifi/R4CM/roms-stable/

Do note that this is a third-party website acting as a mirror server. Do it at your own risk.

After further investigation and testing, it turns out that the exploit only works properly on Linux OSes and seems to not work on Windows (at least in my environment)?

I can now confirm that, in my case, 3.0.23 does indeed work with OpenWRTInvasion and the malfunction may just be related to OS environment misconfiguration.

> UPDATE:
>
> I downgraded my router (mi router 4c) to 2.14.75 and the exploit now works properly.
>
> Link for the ROM: https://mirom.ezbox.idv.tw/en/miwifi/R4CM/roms-stable/
>
> Do note that this is a third-party website acting as a mirror server. Do it at your own risk.

May I ask how to downgrade? When I use the web UI, it can't pass the file check.