garoto/CVE-2025-50753.txt

## CVE-2025-50753.txt
## Correction Notice: CVE-2025-50753 Exploit Method

**Important:** The CVE description incorrectly omits
the required newline character.

The correct command argument to gain root access on
Mitrastar GPT-2741 GNAC-N2 devices is:

"\n/bin/sh"

*Note:* The quotes and the leading newline meta-character
are essential tor the exploit to succeed.

---

Mitrastar GPT-2741GNAC-N2 devices are provided with access through
ssh into a restricted default shell. This is called the "support"
user and the credential to log in is a sticker on the router as
provided by Vivo (Telefonica Brasil) on their Vivo Fibra offer.

The command "deviceinfo show file" is supposed to be used from
restricted shell to show files and directories. By providing
"\n/bin/sh" (quotes included, note the newline special character)
to the argument of this command will drop a root shell.
	## Correction Notice: CVE-2025-50753 Exploit Method

	Important: The CVE description incorrectly omits
	the required newline character.

	The correct command argument to gain root access on
	Mitrastar GPT-2741 GNAC-N2 devices is:

	"\n/bin/sh"

	Note: The quotes and the leading newline meta-character
	are essential tor the exploit to succeed.

	---

	Mitrastar GPT-2741GNAC-N2 devices are provided with access through
	ssh into a restricted default shell. This is called the "support"
	user and the credential to log in is a sticker on the router as
	provided by Vivo (Telefonica Brasil) on their Vivo Fibra offer.

	The command "deviceinfo show file" is supposed to be used from
	restricted shell to show files and directories. By providing
	"\n/bin/sh" (quotes included, note the newline special character)
	to the argument of this command will drop a root shell.
No results found