latonita / tenda-reverse

Reverse engineering, getting root access to Tenda MW6 wifi mesh router

Access Tenda MW3 #7

Open xifi-kif opened 3 years ago

xifi-kif commented 3 years ago

Wow, great work, really! I understand just 1/3 of the things you wrote, my English is not very good and I'm very far from your skills, but what I understood should be enough for what I need :) that is, to get rid of that stupid dhcp in bridge mode, since my main openwrt router is far more complete and safe to manage than this mesh system. Oh btw I got 3 Tenda MW3, which is the older and cheaper version, I think, of yours. Hopefully they share the same password and login systems.

So if I understood correctly, to check if your discoveries also work with my Tenda: in order to have access, I just need to hold reset for 3 sec and telnet in using base 64 password for user root. Right?

Then when I'm in I just set 0 value to dhcps.listnum using cfm. And that's it?

latonita commented 3 years ago

You got it right! MW3, I believe, has almost the same firmware. Please try and let us know. Thanks

totalretribution commented 3 years ago

@xifi-kif Did you manage to access your MW3? Do you have to be connected to the LAN port on the device or can you telnet in via wifi?

xifi-kif commented 3 years ago

I didn't have time to try till now. I'll tell you if I succeed

xifi-kif commented 3 years ago

All right, just tried. It works!! And pretty easily. Great job @latonita! I did telnet over LAN, didn't try over WiFi, you can try it @totalretribution.

xifi-kif commented 3 years ago

I've also experienced a x2 speed in up/download after making the main router do the dhcp effort. I'm almost able to reach maximum theoretical speeds of 100/100 from MW3.

xifi-kif commented 3 years ago

Update after some time: I'm experiencing high packet loss. Have to dig into the issue.

totalretribution commented 3 years ago

Thanks xifi-kif, I could not get it to work but since you succeeded I will try again when I get some time.

xifi-kif commented 3 years ago

Ok, after 1 day of testing I have to say I was celebrating too early. Changing dhcp.listnum to 0 doesn't seem to disable the dhcp server on the Tenda :( nmap scan says dhcp port is filtered, so it's very strange.

crees commented 2 years ago

You need to reboot after setting dhcp.listnum=0.

xifi-kif commented 2 years ago

@crees did you manage to disable DHCP on Tenda MW3? I did not try further, and instead configured again all the services and port forwards on the Tenda... Long work and I'm not happy with it. So if you managed to do it I can try again maybe!

tiagoclc commented 2 years ago

I don't know about the Twibi Giga, but for the Twibi Fast the password is the last 6 digits of the MAC address. The Twibi Fast can't upgrade from version 1.1.2 to 1.1.3 and subsequently to 1.1.10. The user has to open a TeamViewer connection for an Intelbras technician. This way he can use a telnet client to prepare the Twibi Fast to receive the firmware upgrades.

So I thought: what if I install a keylogger on my computer? And I did! With that I captured the password that the technician typed, and it was the last 6 digits of the MAC address.

To enable the telnet service you must press the reset button for 4s.

Twibi Fast telnet
Port: 23
User: root
Password: last 6 digits of MAC address (printed on the bottom label)


latonita commented 2 years ago

@tiagoclc how does this Twibi relate to Tenda? Is it some kind of rebranded product?

tiagoclc commented 2 years ago

@latonita yes. It's rebranded by Intelbras. But the Twibi Fast reaches only 100mb and the Twibi Giga reaches 1000mb.

crees commented 2 years ago

> @crees did you manage to disable DHCP on Tenda MW3? I did not try further, and instead configured again all the services and port forwards on the Tenda... Long work and I'm not happy with it. So if you managed to do it I can try again maybe!

@xifi-kif, I'm sorry, necro reply. I did disable DHCP on the MW5, so it should work the same for the MW3. Don't forget to use cfm set as above, and then make sure you reboot.

If it didn't work after a reboot I'd be pretty surprised.