This exploit will not work on RB03, because there is an additional check for the region:
function setSysTime(time, tzone, index)
local ccode = XQCountryCode.getCurrentCountryCode()
local tz = nil
if TIME_ZONE[tzone] then
tz = TIME_ZONE[tzone][index + 1]
end
if "CN" ~= ccode then
tz = tzone
end
if tz and not XQFunction.isStrNil(tzone) then
....
local isMeshCap = XQFunction.isMeshCap()
if isMeshCap then
...
XQFunction.forkExec("/sbin/whc_to_re_common_api.sh action \'" .. j_msg .. "\'")
end
end
end
But on router RB01, this exploit can work, but you must set whc_cap mode.
I do not know how to achieve this, since I do not have a second device that supports the Xiaomi-Mesh.
P.S.: Device RB06 is in whc_cap mode by default. I even found a place in the code where this is set.