=== CVE-2026-32833 variant analysis: JSON-RPC system.setclock alternate entrypoint === Started: 2026-07-06 10:42:37 UTC ROOT=/data/pruva/runs/27c2711b-9848-4ac6-9b8d-cd72c712e4bb/bundle [1/7] Checking required tools curl: /usr/bin/curl jq: /usr/bin/jq python3: /usr/bin/python3 unsquashfs: /usr/bin/unsquashfs proot: /usr/bin/proot qemu-mipsel: /usr/bin/qemu-mipsel strings: /usr/bin/strings sha256sum: /usr/bin/sha256sum tar: /usr/bin/tar [2/7] Acquiring vendor firmware images c414fd3e6310ebcfed27b6fc7eed11c406e2a468c58f2574f4884690b2c7d868 /data/pruva/runs/27c2711b-9848-4ac6-9b8d-cd72c712e4bb/bundle/vuln_variant/firmware/LT300V3-2.4.5.zip 8d0e515a0e68cefc3658e66d38ca84f69fe1591a5fa8e3abcb9880d170cfaebf /data/pruva/runs/27c2711b-9848-4ac6-9b8d-cd72c712e4bb/bundle/vuln_variant/firmware/LT300V3-2.5.12.zip [3/7] Extracting firmware root filesystems [4/7] Preparing emulated product roots (environment shims only; original RPC code is preserved) [5/7] Exercising vulnerable firmware through JSON-RPC /cgi-bin/luci/rpc/app system.setclock Starting vuln RPC attempt on port 18331 vuln: command execution proof observed via JSON-RPC: VULN_RPC_SETCLOCK_VARIANT_EXECUTED [6/7] Exercising fixed firmware through the same JSON-RPC method Starting fixed RPC attempt on port 18332 fixed: no proof file created; fixed RPC handler neutralized quote injection [7/7] Summarizing result Vulnerable apprpc/system.lua markers: setclock set_timeclock fork_exec fork_exec fork_exec fork_exec date -s '%s' fork_exec env -i ACTION='setclock' /sbin/hotplug-call ntp date -s '%04d-%02d-%02d %02d:%02d:%02d' fork_exec env -i ACTION='setclock' /sbin/hotplug-call ntp fork_exec fork_exec fork_exec fork_exec fork_exec Fixed apprpc/system.lua markers: setclock set_timeclock setclock set_timeclock fork_exec fork_exec fork_exec fork_exec date -s '%s' gsub fork_exec env -i ACTION='setclock' /sbin/hotplug-call ntp date -s '%04d-%02d-%02d %02d:%02d:%02d' fork_exec env -i ACTION='setclock' /sbin/hotplug-call ntp fork_exec fork_exec fork_exec fork_exec fork_exec fork_exec fork_exec Proof summary: vuln proof: VULN_RPC_SETCLOCK_VARIANT_EXECUTED fixed no proof file (negative control passed) === Variant result: alternate entrypoint confirmed on vulnerable firmware; NOT a bypass of fixed 2.5.12 ===