Comment by stevekemp
6 years ago
So many home-routers are run with horrid CGI-scripts on the back-end - I'd not be amazed to learn that submitting a form-field with `blah` in it would try to run the command blah (probably via busybox).
If you have time/patience it might be worth exploring.
I've actually rooted an Asus router owned by a relative, this was about 5 years back so it's hopefully fixed now. Noticed some strange behavior after a mistype and tried something like `whoami` (not exactly) and got root back so tried a reverse she'll with NC which worked perfectly. Googled it afterwards and found a ton of similar flaws on other home routers. Tried to do some kind of responsible disclosure but never got a reply or saw a fix then I forgot about it.