Exploit fixed in 2.28.65

Question

Exploit fixed in 2.28.65

Closed this issue 4 years ago · 4 comments

Hey, I can confirm this was fixed in very recent (2021 purchase) versions of the 4AGiga, the API to run netspeeed test no longer executes incorrect URL as shell commands and just returns default zero values (it did the same before but also would execute commands).

Add a note to main page, cheers!

Answer 1 · 2021-01-13T20:07:13.000Z

I recently bought a 4A gigabit and was able to update to the latest available firmware 2.28.132 and exploit it without issues. Could you explain in more detail what do you mean? Or provide any links?

Never heard about a 2.28.65 firmware version for the gigabit 4A, only 2.28.62 and 2.28.132. Could you please add screenshots?

Answer 2 · 2021-01-14T01:45:16.000Z

Neither did I! I swapped it for INT version, so sorry, cant provide detailed info anumore (int version costed me little extra, but it worked first time like a magic).

Answer 3 · 2021-01-17T11:30:35.000Z

Ok, thanks for reporting. Closing this for now, I’ll wait and see if more reports appear about this new version before updating the readme

Answer 4 · 2021-02-07T08:38:44.000Z

Hi
This is a Chinese version, and the firmware is not officially provided. For the time being, it was only found in the routers newly purchased in China after October 20.