r00t.cz

Page: Misc.RV042 - Last Modified : Sat, 05 Sep 09

There is a special cgi script that can be acessed using HTTP/HTTPS connection. It requires logged in user, so it's not a security issue.

http://router/sysinfo123.htm When called without any parameters, it displays device information.
Commands:

?ConsoleSimulation=1/0	Enables/disables telnet server on port 23
?cmd=Reboot	Reboots the router
?cmd=ClearFlag	Unknown
?cmd=BackupBoot	Unknown
?load -u [tftp://|http://] -s <int>	Loads and flashes firmware file, same as telnet load command

Telnet server requires user/password login and drops you into commandline interface:

Username: admin
Password: ************
RV042> help
exit:                   Exit from the current cli
die:                    exit <ret> from maintask
ps:                     Print main-task tasks
rg_conf_print:          rg_conf_print <root> - Print OpenRG configuration
                        starting from <root> - use / for the whole configuration
rg_conf_set:            rg_conf_set <path> <value> - Set rg_conf path to a value
rg_conf_set_obscure:    rg_conf_set_obscure <path> <value> - Set rg_conf path to an obscured value
rg_conf_del:            rg_conf_del <path> - Del subtree path from rg_conf
rg_conf_ram_set:        rg_conf_ram_set <path> <value> - Set rg_conf_ram path to a value
rg_conf_ram_print:      rg_conf_ram_print <root> - Print OpenRG dynamic
                        configuration starting from <root> - use / for the whole configuration
reconf:                 reconf <flash_delay 1(=NOW) to 4> - Reconfigure the
                        system according to the current rg_conf
entity_close:           entity_close <entity ptr> - Close an entity
host:                   host <name> - Resolve host by name
rgpf_config:            rgpf_config [f|c|a] - Flush/Clean/Activate Firewall & NAT
rgpf_info:              rgpf_info - Display Firewall & NAT information
rgpf_info2:             rgpf_info2 - Display Firewall & NAT information
fw_set_age:             fw_set_age <proto> <age>. Set state age in seconds, protocan be one of [ICMP=1, TCP=6, UDP=17]...
flash_commit:           Save configuration to flash
restore_default:        restore_defaults [-d] - Restore default configuration
                        (use -d to avoid rebooting after)
reboot:                 Reboot the system
log_lev_on:             log_lev_on <severity> - redirect rg_error output from severity
                        equal or higher to <sevrerity> to the current cli
log_lev_off:            Stop rg_error redirection to the current cli
exec:                   exec <path> - Execute path
rmt_upd:                Remotely upgrade the box
rmt_upd_wget_close:     rmt_upd_wget_close <ptr> - Kill a remote upgrade process
rg_ifconfig:            rg_ifconfig <details_level>
cat:                    Print file contents on console
shell:                  Spawn busybox shell in foreground
cat_log:                cat_log [fw|varlog] | e[#buf_num]
bridge_info:            Prints bridge information
flash_layout:           Prints the flash layout and content
flash_erase:            flash_erase [-d] <section> - erases a given section in the flash
flash_dump:             flash_dump [-s <section> | -r <address>] [-l <length>] [-1|2|4] - dumps the flash content
bset:                   Configure bootloader
ifconfig:               Configure network interface
ping:                   Test network connectivity
nk_ip:                  nettools ip
dump_GPIO:              GPIO register
monlink:                Test network connectivity
monlinkend:             Test network connectivity
wandown:                Bring down WAN interface
wanup:                  Bring up WAN interface
lbtrafficup:            Bring up WAN interface
lbtrafficdown:          Bring up WAN interface
setequalize:            Set equalize
delequalize:            Delete equalize
addinf:                 dynamic add interface
delinf:                 dynamic delete interface
activewaninf:           Get active wan interface number
teravpn:                add vpn entries for TeraVPN testing
addvpn:                 add vpn entries
addvpn_ip_fqdn:         add vpn entries
switch_reset_set:       reset switch
switch_stat_get:        get switch status
read_sw_reent:          get reentrant num
mem_alloc:              alloc memory
mem_alloc_free:         alloc and free memory
nk_tag_vlan:            set port base vlan / tag base vlan
nk_vlan_all:            set vlan all
xml_xmit:               test reciver xml file
boot:                   boot -g {-s <section> | -r <address>} - Boot the system (-g boot with kgdb)
load:                   load -u <url> {-s <section> | -r <address>} - Load and burn image
8021x_open:             8021x_open <dev_name> - Open device
8021x_close:            8021x_close - Close last 802.1x device
8021x_status:           8021x_status <dev_name> - Print 802.1x device status
8021x_set_mode:         8021x_set_mode <dev_name> <dir> <auth_control> <promiscuous> - Change operating mode of device
8021x_mac_auth:         8021x_mac_auth <dev_name> <MAC> <op> - Add or remove authorization for a device (op==1->add, 0->remove)
nk_factory_print:       nk_factory_print <root> - Print factory configuration. starting from <root> - use / for the whole configuration
nk_factory_set:         nk_factory_set <path> <value> - Set rg_factory path to a value
ver:                    ver - Display version information
help:                   Print this menu
etask_list_dump:        Dump back trace of all etasks
set_url_filter_setting: set url filter setting
get_url_filter_statics: get url filter statics
set_url_filter_debug:   set url filter debug
get_url_filter_setting: get url filter setting
Returned 0
RV042>

To get busybox shell, use shell command.

(This output is from device with RV042-v1.3.12.6tm-080527_fw.rmt firmware)