Tried from macOS and virtualbox Centos7, without success..

[rusnino]

Hello, there is my outputs, also seeking some packets in wireshark, but no specific packets to port 31337 received.
What is the additional conditions to exploit working? maybe Xiaomi fixed it in recent ships?

[tangruize]

I also failed and I tried another script and succeeded. The difference is that line 17 of ppppd-cve.py is commented out.
change

    if src.startswith("88:c3:97") or src.startswith("8c:53:c3") :
        src,dst = dst,src

to

    #if src.startswith("88:c3:97") or src.startswith("8c:53:c3") :
    src,dst = dst,src

Have a try?

[ecklf]

I also assume this might be mac address related. @rusnino does it start with 8C:53:C3 or something else (you can find it in your routers web config at the bottom)?

[tangruize]

The MAC address of my router starts with "28:d1:27". It seems that @rusnino's MAC starts with "50:d2:f5". I think it can be very different. Maybe the if-condition is not required?

[rusnino]

I also assume this might be mac address related. @rusnino does it start with 8C:53:C3 or something else (you can find it in your routers web config at the bottom)?

Yes, router MAC is different, it starts with 50:D2:F5. Will try with modified python scripts.

[rusnino]

adding this to pppd-cve.py finally helps
if src.startswith("88:c3:97") or src.startswith("8c:53:c3") or src.startswith("50:d2:f5"):

[ecklf]

@rusnino cool, I will update the guide to close this issue.