Bricked WAX218 recovery from working device

I am currently upgrading my WiFi network and obtained two cheap WAX218 Access Points for that. Of course, they both should run OpenWRT.
So I first upgraded one of the two to the newest stock firmware WAX218_firmware_V2.1.1.3, did some speedtests, and then migrated it to OpenWRT as described here under "Web UI method", so basically:

  • upload the openwrt-24.10.0-qualcommax-ipq807x-netgear_wax218-web-ui-factory.fit image
  • wait for device to reboot
  • in the recovery initramfs LuCI flash the most current openwrt-24.10.0-qualcommax-ipq807x-netgear_wax218-squashfs-sysupgrade.bin

This all worked perfectly fine on the first access point. However, when I decided to upgrade the second access point, things did not go so well. I am not sure if this is related to the fact that I did not first update to the newest firmware version from Netgear, but the situation now is as follows:
The system did take the web-ui-factory.fit image, rebooted, and now greets me with the recovery initramfs LuCI. But no matter what I tried, it does not want to flash the sysupgrade.bin file. I tried some things like setting fw_active to 0 (which just stopped the device from coming up at all, forcing me to set fw_active to 1 in the bootloader again) and different sysupgrade.bin files including the original firmware image, but the system always reboots to the initfs. So my assumption is that I should have done a factory image upgrade first and then the actual OpenWRT installation. But I cannot change that now.

What I can do, however, is use the working access point as a reference. I did a dump of all the mtd partitions and compared the md5sums; these partitions are different on the bricked one:

mtd1	0:mibib
mtd7	0:appsblenv
mtd8	env-data
mtd9	0:appsbl
mtd12	0:art
mtd13	rootfs	
mtd15	rootfs_1
mtd16	wififw_1

I would assume that if I flash the right partitions on the bricked device, I should get everything working, but I also am aware that some of these partitions contain device-specific settings that I should not overwrite. In a first approach I tried to access these partitions with jefferson, but it only extracted empty folders.
Which of these partitions can I overwrite to fix the device?

I am having a very similar issue on my WAX218. I've tried various ways of flashing the sysupgrade.bin file, but no success yet. In my case the command "cat /proc/mtd" yields the following:



dev:    size   erasesize  name
mtd0: 00100000 00020000 "0:sbl1"
mtd1: 00100000 00020000 "0:mibib"
mtd2: 00300000 00020000 "0:qsee"
mtd3: 00080000 00020000 "0:devcfg"
mtd4: 00080000 00020000 "0:apdp"
mtd5: 00080000 00020000 "0:rpm"
mtd6: 00080000 00020000 "0:cdt"
mtd7: 00080000 00020000 "0:appsblenv"
mtd8: 00040000 00020000 "env-data"
mtd9: 006a0000 00020000 "0:appsbl"
mtd10: 00060000 00020000 "cert"
mtd11: 00100000 00020000 "userconfig"
mtd12: 00080000 00020000 "0:art"
mtd13: 06f00000 00020000 "rootfs"
mtd14: 00900000 00020000 "0:wififw"
mtd15: 06f00000 00020000 "rootfs_1"
mtd16: 00900000 00020000 "0:wififw_1"


I did find a way to get the device to boot properly:

  • Detach the mtd13 ubi mount: ubidetach -p /dev/mtd13
  • Download the ubi image to /tmp with wget
  • flash the image with ubiformat: ubiformat /dev/mtd13 -f /tmp/openwrt-24.10.0-qualcommax-ipq807x-netgear_wax218-squashfs-factory.ubi
  • Set the active firmware to 0: fw_setenv active_fw 0 (I assume this tells the bootloader whether it should boot from mtd13 or mtd15)
  • reboot

Note: If your device should not come up after this, you will have to connect to the device through a serial console (115200 baud), press 4 repeatedly during boot (connect console, then power up the device while spamming "4") and enter the bootloader that way. There, you can setenv active_fw 1 (do not forget to saveenv) and the system should boot back into the initfs.

This did the trick for me and the AP is working, though my partitions may still be slightly different between the two devices, but I do not see any performance differences between the two, so I guess everything is o.k.

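The steps above write a downloaded image straight to a raw flash partition, so it helps to confirm first that the file matches a known SHA-256 and that the target is the partition actually named rootfs rather than a hard-coded index. This is an added example, not part of the original posts or of OpenWrt's tooling; PROC_MTD, DRY_RUN and the function names are assumptions of this sketch, and the expected digest has to come from the place the image was published.

```shell
#!/bin/sh
# Added example: pre-flash checks wrapped around the ubiformat steps from the post.
# PROC_MTD and DRY_RUN are hypothetical knobs of this sketch, not OpenWrt settings.
PROC_MTD="${PROC_MTD:-/proc/mtd}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the flashing commands

# Print the mtd device (e.g. "mtd13") whose name in /proc/mtd is exactly $1,
# so "rootfs" never matches "rootfs_1".
mtd_by_name() {
    awk -v want="\"$1\"" '$4 == want { sub(":", "", $1); print $1 }' "$PROC_MTD"
}

# Succeed only if the SHA-256 of file $1 equals the expected hex digest $2.
verify_sha256() {
    [ -f "$1" ] || return 2
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$actual" = "$2" ]
}

# Execute a command, or just show it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "would run: $*"; else "$@"; fi
}

# flash_rootfs IMAGE EXPECTED_SHA256: refuse to write unless both checks pass.
flash_rootfs() {
    image=$1; expected=$2
    dev=$(mtd_by_name rootfs)
    [ -n "$dev" ] || { echo "no partition named rootfs in $PROC_MTD" >&2; return 1; }
    verify_sha256 "$image" "$expected" || {
        echo "checksum mismatch for $image, not flashing" >&2; return 1; }
    # Same order as in the post: detach, write the UBI image, select slot 0.
    run ubidetach -p "/dev/$dev" &&
    run ubiformat "/dev/$dev" -f "$image" &&
    run fw_setenv active_fw 0
}

# Usage on the device (reboot manually afterwards):
#   DRY_RUN=0 flash_rootfs /tmp/<factory.ubi file> <expected sha256>
```

With the default DRY_RUN=1 the function only prints the commands it would run, which makes it easy to confirm the resolved /dev/mtdN before anything is erased.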

Chapeau! That worked, thank you!