0. Update firmware to v150826 via the web interface
1. Telnet onto device using the same password as for the admin interface
2. Run the command “sh”
3. Use ps to identify the httpd process id (pid)
4. Read /proc/pid_of_httpd/maps to identify location of libcmm.so
5. Compile a binary using buildroot2012.02 for ARM EABI (compile this using a docker image of ubuntu 12.02) and patch the offsets appropriately. It is currently uncertain whether the offsets to patch are the same across devices; the patch and code listed here are from one device.
Make sure to correct the offsets for your device, given that the start address of libcmm.so on the inspected device was 0x401d3000, and insert the pid from ps.
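Steps 4 and 5 amount to reading the load address of libcmm.so from the maps file and shifting every address by the difference from 0x401d3000. The following is an added example, not code from the original page: the function names, the sample maps lines and the address 0x401d4abc are constructed for illustration.

```shell
#!/bin/sh
# Base of libcmm.so on the device inspected on this page.
REF_BASE=0x401d3000

# lib_base MAPS_FILE LIBNAME
# Print the start address of the first mapping of LIBNAME. Lines in
# /proc/<pid>/maps are sorted by address, so the first match is the base.
# Use "-" as MAPS_FILE to read from stdin. Returns non-zero if not mapped.
lib_base() {
    awk -v lib="$2" '
        # fields: start-end perms offset dev inode path
        $6 ~ ("/" lib "$") {
            split($1, range, "-")
            print "0x" range[1]
            found = 1
            exit
        }
        END { exit !found }
    ' "$1"
}

# rebase ADDR OBSERVED_BASE
# Translate an address that was valid with libcmm.so at REF_BASE into the
# matching address on a device where it is loaded at OBSERVED_BASE.
rebase() {
    printf '0x%08x\n' $(( $1 - $REF_BASE + $2 ))
}

# Constructed sample of a maps file (not captured from a real device).
sample_maps() {
    cat <<'EOF'
00008000-0009c000 r-xp 00000000 1f:02 412        /usr/bin/httpd
40a41000-40b1e000 r-xp 00000000 1f:02 377        /lib/libcmm.so
40b1e000-40b25000 rw-p 000dd000 1f:02 377        /lib/libcmm.so
40b30000-40b44000 r-xp 00000000 1f:02 390        /lib/libpthread.so.0
EOF
}

# On the device: lib_base "/proc/$PID/maps" libcmm.so, with PID taken from ps.
base=$(sample_maps | lib_base - libcmm.so) || { echo "libcmm.so not mapped" >&2; exit 1; }
echo "libcmm.so base: $base"
# 0x401d4abc is a constructed placeholder address, not one of the real offsets.
echo "0x401d4abc on the reference device -> $(rebase 0x401d4abc "$base") here"
```

If the base printed for your device equals 0x401d3000, the addresses need no adjustment for that run.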
toh/tp-link/archer-d9.txt · Last modified: 2019/10/16 11:40 by tmomas