GL-MT300N-V2 shipped with undocumented 4.3.28: Need JSON-RPC payload to bypass OOBE/enable SSH

Routers VPN, DNS, Leaks
1

Hi everyone,

I recently received a new batch of GL-MT300N-V2 (Mango) routers that came pre-flashed from the factory with firmware version 4.3.28. The latest public stable is 4.3.25.

I do bulk provisioning and use a custom flasher that deploys our firmware via SSH. However, on these new 4.3.28 units, the Dropbear SSH service is completely disabled out-of-the-box until the initial admin password is set via the web UI (OOBE). This completely breaks my headless automation pipeline.

  1. Is this behavior the new standard?
  2. What is the recommended way to enable the SSH server through automation? Is there an endpoint I can call to set the password?
  3. Can I get a link to the 4.3.28 firmware for testing?

Will also take any tips for mass flashing :slight_smile:

Thanks in advance for help!

2

Hi

Please refer to our responses below:

  1. Yes, it should be some "newly" implemented security measure.

  2. It can be completed by calling the following API.

    curl 'http://192.168.8.1/rpc' \
  --data-raw '{"jsonrpc":"2.0","id":10,"method":"call","params":["","ui","init",{"lang":"en","username":"root","password":"goodlife"}]}' \

    (Please adjust password according to your needs.)

  3. Please check your private messages.