Linksys E1200(V2)

Project started on 4 Dec 2025

Learning outcomes

1. Techniques to gather information on a hardware device without physical access to it
  • Google dorking
    • Release notes, firmware downloads
    • Known CVEs
    • PoCs for the CVEs found
  • FCC filings
    • Internal photos
    • Identifying the presence of UART interfaces

2. Hardware interactions
  • Identifying UART and candidate GND points (visual inspection)
  • Using a digital multimeter to:
    • Confirm GND points
    • Identify the individual UART pins

3. Interacting with basic networking services on the device
  • DHCP
  • Nmap scan
  • cURL, Netcat, etc.

4. Gaining a shell console from the UART interface, plus system enumeration
  • Boot logs
  • Firmware and OS versions, along with other useful information
  • Information gathering on a vulnerable binary

5. Techniques to interact with the device
  • Simple techniques to reclaim memory space on the device
  • Transferring files between the device and the host

6. Understanding the MIPS architecture and assembly, plus reverse engineering and stack-based buffer overflow exploit development against a vulnerable binary (from a known CVE)
  • Understanding the vulnerability from the CVE description
  • Working with exploit tools and techniques: pwn, Ghidra, GDB + gdbserver, objdump, etc.
  • Demonstration of the steps taken to produce the final working payload for remote code execution

7. Bonus section: persistence techniques from a real-world perspective
  • "Backdoor" access that can be reached remotely
