Can't flash Xiaomi Redmi AC2100

I excitedly bought three Xiaomi Redmi AC2100 routers. I'm on to the second and haven't had the cve.py work at all yet. tcpdump shows no attempt by the router to make an outbound connection.

Is it possible they've had their firmware upgraded - how could I tell if so?

Are there any other ways to reflash them? Can you do it with the serial console?

OK. I'm on firmware 1.0.14 so I should be able to trigger the CVE. I'm running the exploit/etc on a very old Raspberry Pi so there may be some timing issues?

I got it to trigger once, going from a factory reset. That was OK but not perfect. I added a time.sleep(1) in the PPPoE simulator before it replies to echo packets. It still takes a few goes with the CVE but many less than my first attempt.