If you haven’t noticed, in my spare time I really enjoy breaking into embedded devices for the fun of things. Over the past year, I have spent a ton of time rooting the Cisco Meraki MR18, and today I get the chance to publicly disclose my findings.
To start, let me note by saying I have properly disclosed this issue to Cisco Meraki months ago, but due to the fact they are no longer replying to my emails or honoring their own Bug Bounty, I have decided to publicly disclose this after waiting over 90 days since their last reply. Hopefully one of these days I will write up the process I used to find this “exploit”.
Every now and then I come across some interesting devices, one of which was the Cisco Air-OEAP602 “Access Point”. This little guy has an impressive spec sheet with a BCM4718A1 CPU running at 480Mhz, 16MB of flash, and 64MB of RAM but sadly the stock firmware lacks many standard features. Obviously as an enterprise offering it has unique things such as OfficeExtend, but what good are they if they are closed source? Time to hack this thing!