I've completed the initial coding to add config file decryption and re-encryption ability to the StatPOSTer program, so I should be able to release a new version within the next few days.
An inconvenience with the trick I'm using to gain shell access is that it gets removed from the config whenever you change any setting. And adding the trick back requires restoring the config file, which requires rebooting the device. And of course TP-Link could stop it working in newer firmware versions.
The TP-Link firmware keeps most processes running even though the relevant feature might be disabled, so there are a few things that could be killed off, depending on what you want to use:
killall cwmp
killall dyndns
killall noipdns
killall snmpd
killall ushare
Also the SNMP port appears to be open in the firewall:
~ # iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 /* loop back */
294 15488 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 168 ACCEPT all -- * * 0.0.0.0/0 224.0.0.0/4
0 0 ACCEPT udp -- !br+ * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:161
3 156 ACCEPT all -- br+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- ppp1 * 0.0.0.0/0 0.0.0.0/0 icmp type 8
Which can be closed:
~ # iptables -D INPUT -p udp --dport 161 -j ACCEPT