Not working on Xiaomi 4A Gigabit FW3.0.24
Closed this issue · 2 comments
Hello,
I'm trying to run the exploit on a Xiaomi Mi Router 4A Gigabit (Firmware 3.0.24), and the script reports it was done successfully, but all connections to telnet/ssh/ftp get refused after.
This is the (redacted) output from running the python script:
python3 remote_command_execution_vulnerability.py
Router IP address [press enter for using the default 192.168.31.1]: 192.168.(redacted)
stok: (redacted)
router_ip_address: 192.168.(redacted)
stok: (redacted)
start uploading config file...
start exec command...
done! Now you can connect to the router using several options: (user: root, password: root)
- telnet 192.168.(redacted)
- ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -o UserKnownHostsFile=/dev/null root@192.168.(redacted)
- ftp: using a program like cyberduck
I've tried rebooting the router after running the exploit, to no avail. Running the exploit again doesn't work either. My computer is connected to a Gigabit switch which is connected to the router's WAN port, and I'm using the correct IP address and stok I get on the Web interface. My computer is running Manjaro Linux, with python3 and all requirements installed.
Seeing that there are reports the exploit runs well on the latest firmware, I was expecting it to just work, but it seems that for some reason it's not working for me.
After uncommenting some lines to get more verbose output, I got this:
{"code":1629,"msg":"Couldn't unzip, the file is corrupt"}
This tells me there's something wrong with the payload being sent to the router, or the transmitted file gets corrupted on the way. Will keep searching for an answer.