[OpenWrt-Devel] GPL Violation to chase + Engenius/Senao firmware non-update

Michael Holstein moholstein at gmail.com
Tue Nov 13 00:48:05 EST 2018

> Okay .. Engenius problem sorted for the most part, and this works on

FWIW I found an easier way and this may a (minor) security issue that
exists in other versions, didn't really check.
The "fwup" command accepts the '&' characters that's a common URL
argument, but it accepts it unbounded.

Thus, be if for breaking into something so you can flash it (my use
case) or breaking out of the CLI otherwise (whereby now it's no longer
a 'feature' as before)

All one need do for a root shell in the CLI "jail" .. is "mgmt" ->
"fwgrade" -> "fwup &/bin/ash"

More information about the openwrt-devel mailing list