I have luxtronic controller for AIT heatpump with firmware V1.81, and i browsed for an update, noticed there is 1.86 is it even beneficial or safe to upgrade, is there a risk for bricking i know Lw121a is the model of the unit.
I browsed the web for upgrading and one thing i foun out is bad, luxtronik is not secured with password. The guy on the blogpost wrote about loging in with root and no password. Than he was able to modify the web site to inject old java ui to give more controll over machine.
The issue is that almoast everything can be changed on that linux regarding running commands, but password can’t be set the passwd comand fails with read only passwd file, the filesystem is read-only, but home folder is readwrite, and i am not comftable messing with the system more than necesarry to prevent unauthorized access.
It all seems wrong that i can reboot make files and delete files but cant easilly block root access, how it can be so messed up?
I can block the telnet port on the network, but i need a smart switch for that.
In theory home network is security layer but even the rubbish lightbulb can have a password.
I mainly write here as i am an openhab and linux user for few years and i feel more comftable asking here as i know there are quite some Luxtronik users here.
I am not a linux guru thats why all the forums i read about shadow and passwd in read only filesistems didnt make me more comftable as i cant easiliy backup or make a clone of the luxtronik or can i?
Any experience with that?