Well, I guess all of that was kinda pointless/
Random firmware from @alecuba16
Here is his FW image
http://IP/webcmd.shtml
/bin/busybox
And here is OEM firmware
http://IP/webcmd.shtml
/bin/busybox
so I guess there was a built in root access anyways.
I'll still document the board for USB host (x2?) and the UART for serial.
~frustro