I was wondering of what are these folders are.
I mean they are accessible throughout the network.
If cgi-exec can execute commands on the router itself then isn't that huge vulnerability for hacking from neighbor router in the same net?

Or maybe you need to do POST request to those with required username/password, so auth happens and then the POST fields are accepted for processing on the router ?
Is there documentation on these how to use ?

1 Like

they're not folders.

if "someone" unauthorized can access your router from the LAN side, the router's probably the device you should worry about the least.

Well, you say that AP isolation is a must and no one have to even ping the neighbor? I'm sure you got the question wrong as like WAN->LAN hacking. The question is about LAN->LAN.
Everyone can be authorized to see the login page to each other, but only until there.
I suspect that these "folders" need as well authorization in the POST request itself.

I wanted to show the Assoc list of networks on the front page of Luci before even somebody logging in.

put a soft link to a (html formated, if you like) file located in /tmp, in /www, it'll show without logging in, just use a deep link.

Thanks :slight_smile:
the /tmp suggestion is decent approach.

All these applets require authentication (the same login credentials LuCI uses).

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.