2022-11-24
Next steps digging into the hardware are more on the software side
From a perspective of security research I only touched the surface of the security research on the Corinex CXWC-HD200-WNeH and the Cab.Link CLS-D4E2WX1 by finding default credentials for telnet. To get a further insight I need to first enumerate the network attack surface completely. What services are running, what programs run those services. The ultimate step would be to build an emulation environment where I can run the programs from the routers under my control and find out about the programs and get a first few steps into reverse engineering. With qemu it is possible to emulate MIPS systems on x86 hardware, so I can build a test environment. It would need some work to get old enough versions of code and kernels to create a compatible environment. The Corinex router mentions compilation in 2012 but with Linux kernel 2.6.21 which was released 25 april 2007. The Cab.Link router mentions compilation in 2013 but uses Linux kernel 2.6.31 which was released 9 september 2009.