See https://github.com/EFForg/rayhunter/issues/334
Severity levels low, medium, high are now exposed to the UI in form of
dotted, dashed and solid lines. The line on the UI represents the
highest-so-far severity seen.
Originally this was intended to be represented by Yellow/Orange/Red, but
this would mean yet another divergence for colorblind mode. This is
colorblind-friendly by default (I think...)
As part of this, simplify EventType so that it becomes a flat "level"
enum without nested variants.
There is also a new debug endpoint that allows one to overwrite the
display level directly for testing.
Each event index corresponds to an index in analyzers. But some events
may be null. We're skipping those events without incrementing the index,
leading to wrong analyzer names.
There is a shell injection vulnerability after all, so we can just
launch a remote shell, tplink-style. Except there's no telnetd on this
device so we need to use netcat.
This was found in the goahead binary on the device using Ghidra. The
decompiled code for this endpoint looks like this:
```c
void FUN_0003c614(int param_1)
{
int iVar1;
undefined4 uVar2;
int local_160;
undefined1 auStack_15c [64];
char acStack_11c [256];
int local_1c;
local_1c = __stack_chk_guard;
if (param_1 == 0) {
error("input parameter is NULL!");
uVar2 = 0x66;
goto LAB_0003c808;
}
iVar1 = websGetJsonItemValue(param_1,"password",10,auStack_15c,0x40);
if (iVar1 != 0) {
iVar1 = get_log_level_something();
if (1 < iVar1) {
some_logging_func(2,"modifying root password(%s)...",auStack_15c);
}
iVar1 = sprintf(acStack_11c,"echo root:\"%s\"|chpasswd",auStack_15c);
acStack_11c[iVar1] = '\0';
system(acStack_11c);
}
```
Usage is `./installer orbic-network`, as an alternative to `./installer
orbic`. It should work on Windows without any kind of drivers.
This installer also works on the Moxee device.
