Hi,

I'm trying to get a root shell on an Actiontec F2250. I hooked up an arduino to the UART pins, and I have a serial console and can see the output from boot, and then I get stuck at a login prompt. Nothing I've tried has worked. Does anyone have any ideas for what the login might be?

Thanks,
Ben

I didn't find it, but in case anybody's wondering, holding Ctrl and \ while the router boots (after the CFE boot delay is done) gives you a root shell. I found this out because of this CVE. Also, the official firmware update image is availble here and can be unpacked with this script. GPL sources here, but I haven't gotten them to build yet.
I'm still not sure what I can do to get into the router with the root shell, since all you get is a read-only filesystem that's the same as unpacking the firmware update, and /etc/passwd is a symlink to /var/passwd which doesn't exist yet so i don't know how to use this to get a login on the telnet server that runs on the router when it's allowed to fully boot.

In case anybody's wondering, the snapshot for the Comtrend VR-3032u actually boots and runs on this router. If you flash it with the instructions in the wiki page, and let it reboot, it'll say it can't boot and ask you to enter some information. Just hit enter until it asks you for a serial number, and then type the serial number from the bottom of the router. Then, it should boot straight into OpenWrt.

EDIT: Don't do this. It installs a new version of CFE that doesn't have a web interface. I'm now thinking my router might be stuck on this firmware, and it doesn't have the correct set of drivers.