Reason is, that Meteobridges are based on OpenWRT, which uses a simplified shell called "ash" included
in the "busybox" package. You can also test the exploit check on the shell of Meteobridge, when you login
via ssh (user "root", password "meteobridge") and try the exploit test...
Code: Select all
root@MeteoBridge:~# env X='() { :;} ; echo busted' /bin/bash -c "echo completed"
env: can't execute '/bin/bash': No such file or directory
root@MeteoBridge:~# env X='() { :;} ; echo busted' /bin/ash -c "echo completed"
completed
root@MeteoBridge:~#