Ok, I had to remove the board on AX3600 as well to properly solder.
Yeah, you could probably solder it from above but to me its like asking for the pads to get ripped off if the header has some pressure on it later.
I've removed the fan and the screws from the heatsink (but not the heatsink itself) and the 4 screws from the board itself.
And you have to remove all the antenna pigtails of cause, don't forget the one for the IOT radio.
And to lift the board, press the power button to to get it out of the bottom shell.
unfortunately i don't have access to my AX9000 until Sunday.
The ax6 method is also described here:
basically it's using the extend_wifi api on the ax6. As far as i understand, you setup a second wifi-Router with a special xqsystem.lua file (including the nvram commands) and then connect to that router via wifi and the ax6 reads that file during the wifi connect.
And those extenwifi api's are also there in the AX9000 firmware. So i think it's worth a shot.
This is the URL to connect to the others router wifi (from the ax6 or AX9000:)
@kirdes Hm, looks like the extend page is missing.
No page is registered at '/api/misystem/extendwifi_connect'.
If this url belongs to an extension, make sure it is properly installed.
If the extension was recently installed, try removing the /tmp/luci-indexcache file.
I have been poking for way too many hours now, and I just don't see an obvious vulnerability.
I just hate when I have to hope for our Chinese friends to find a vulnerability in order to run code on my HW.