Actiontec - Finding syslog..SIG 11 ?!
After dumping the firmware, I could see the filesystem and all web pages. There were hidden options that I could go directly to if I knew the URL (Hidden Menus).
One was the syslog entry! (Syslog)
Through that I found that the httpd had died with a possible SIG 11 (Signals).
Further investigation and some terrible ‘fuzzing’ techniques with Python showed I could overflow a buffer without crashing the daemon and have that output show up persistently via the WebGUI. Unauthenticated.
Written on August 1, 2017