# Disclaimer

This repository is an **educational, defensive-research reproduction** of **CVE-2025-55423**, a vulnerability that has already been **publicly disclosed and patched**. It exists to document the author's learning process in firmware reverse engineering and embedded-security analysis.

## Scope and intent

- All analysis and reproduction were performed **in a controlled, isolated emulation environment** (GitHub Codespaces + QEMU user-mode) against a **locally-extracted copy of publicly available firmware**. No traffic was ever directed at any device the author does not own, and nothing left the sandbox.
- The repository documents how a known vulnerability works so that it can be **understood, detected, and defended against**.

## What is intentionally NOT included

- **No DHCP-hijack or ARP-spoofing automation.** The network-takeover stage (Phases 1–3 of the scenario) is a generic man-in-the-middle technique, not a property of this CVE, and is deliberately omitted. The reproduction begins from the assumption that the attacker has already been recognized as the upstream IGD.
- **No firmware binaries.** `libcgi.so`, `libuserland.so`, and other firmware artifacts are **not redistributed** here, for copyright reasons. Reproducers must extract them from the firmware obtained via the vendor's official channel.
- **No weaponized, drop-in exploit.** The included servers, harness, and stub are reproduction scaffolding for a controlled lab; payload placeholders should be replaced with benign markers.

## Responsible use

Do not use any material here against systems you do not own or lack explicit authorization to test. Unauthorized access to computer systems is illegal in most jurisdictions. The author assumes no liability for misuse.

If you are the vendor or maintainer and have any concern about this material, please open an issue.