NVG510 Root Exploit(Updated for new firmware!)

Go to the page http://192.168.1.254/cgi-bin/update.ha and login if necessary. After the page loads, view the source of the page and search for "nonce". There should be something like this:

<input type="hidden" name="nonce" value="815a0aaa0000176012db85d7d7cac9b31e749a44b6551d02" />

Copy the long string of text into the nonce field below. For this example, you'd copy `815a0aaa0000176012db85d7d7cac9b31e749a44b6551d02` into the below text field.

Push Save to enable a root-able telnet shell on port 28. You'll know it worked if you see "backdoor shell on port 28 enabled. Please reboot device"

If your device is not connected to the internet, you can also download the file and host it locally: http://earlz.net/static/backdoor.nvg510.sh and then just change the wget command to point to your local server.

See the full article for more details and what to do next.

Nonce value:
uploadfile:

Problems/Warnings?

If using NoScript or certain Ad Blockers, you may get errors from this page citing cross-domain requests. You may have to temporarily disable these for this to work.

Alternatively, you can also download this HTML page and save it offline, and that should prevent NoScript warnings.

If you have any other problems, see the full article or leave me a comment.

Too Complicated?

If this procedure is too complicated or technical, you may be interested in my android application, NVG510 Fixer. It can fix common problems with at the click of a button