[OpenWrt-Devel] GPL Violation to chase + Engenius/Senao firmware non-update
moholstein at gmail.com
Tue Nov 13 00:48:05 EST 2018
> Okay .. Engenius problem sorted for the most part, and this works on
FWIW I found an easier way and this may a (minor) security issue that
exists in other versions, didn't really check.
The "fwup" command accepts the '&' characters that's a common URL
argument, but it accepts it unbounded.
Thus, be if for breaking into something so you can flash it (my use
case) or breaking out of the CLI otherwise (whereby now it's no longer
a 'feature' as before)
All one need do for a root shell in the CLI "jail" .. is "mgmt" ->
"fwgrade" -> "fwup &/bin/ash"
More information about the openwrt-devel