jclehner / bcm2-utils

Utilities for Broadcom-based cable modems
GNU General Public License v3.0

Cisco EPC3010 boot process locked #40

Open mediotex opened 2 years ago

mediotex commented 2 years ago

I tried to access the serial interface on the Cisco EPC3010 model: the bootloader is locked, and there's no access to the bootloader menu. Console output just stops printing at some point, and further output is hidden from display. output: In that case, the only way is to get a full dump from the flash chip?

jclehner commented 2 years ago

Disconnect the coax, reset the modem to factory defaults. Then check if you have got SNMP access to either 192.168.0.1 or 192.168.100.1. If so, you might be able to enable the serial console via SNMP!

mediotex commented 2 years ago

I always checked without a coax. Tried to reset, SNMP access is available, MIB tree is limited to 467 objects. Not sure what MIB can enable it.

jclehner commented 2 years ago

Try bfcSerialConsoleMode (1.3.6.1.4.1.4413.2.2.2.1.9.1.2.1.0) first. First set it to 2, then 0, then 2 again, and check your serial output while you're doing so.

mediotex commented 2 years ago

Error in packet.
Reason: noAccess
Failed object: SNMPv2-SMI::enterprises.4413.2.2.2.1.9.1.2.1.0

jclehner commented 2 years ago

How about cmConsoleMode (1.3.6.1.4.1.1429.77.1.4.7.0)?

mediotex commented 2 years ago

Same error. The MIB tree contains only one enterprises group.

...
SNMPv2-SMI::enterprises.4491.2.1.20.1.1.1.1.2 = INTEGER: 3
SNMPv2-SMI::enterprises.4491.2.1.20.1.1.1.1.2 = No more variables left in this MIB View (It is past the end of the MIB tree)

jclehner commented 2 years ago

Does this modem support saving and restoring a config file?

mediotex commented 2 years ago

No, it's a simple data modem, not an EMTA. I tried to check if I can use the 'Cable Haunt' exploit to enable a shell, but this modem does not seem to be affected. I didn't find the spectrum analyzer on port 8080, nor on other ports; only HTTP port 80 is open.