I read through the different ways to get root access for the LS-WVL series and none of them were working for me
(The acp_commander.jar method kept spitting out that socket error:
"ERROR: Exception: SocketTimeoutException (Receive timed out) [ACP Send/Receive (Packet:8020 = ACP_Discover)]"
and told me to check the firewall, which I'm pretty sure wasn't causing the problem.)
Instead of figuring out why those acp_commander.jar UDP packets weren't going through, I looked for another way to root the damn thing.
Turns out all the files in /usr/local/squeezebox/ are world-writable, and one of them (slimserver.pl) gets ran as root when you start or restart the squeezebox service.
So to exploit this (and to make it easier for others), I wrote up a quick CGI script that does most of the work for you (PHP would have worked too, but I like perl more
Login to the device's web server and goto "Network" -> "Web Server" to start up that other webserver on port 81. Point that webserver to your share folder, and mount it via SMB like you normally would. When you start that web server for the first time it'll create the folders "htdocs", "cgi-bin", and "log". Goto the empty "cgi-bin" folder and create a text file called "root.cgi". Copy/paste the following code into that newly created "root.cgi":
$data=~s!for more details\..*!for more details\.\nsystem(qq(sed -e's/.*PermitRootLogin.*/PermitRootLogin yes/' -e's/.*PermitEmptyPasswords.*/PermitEmptyPasswords yes/' -e's/.*PasswordAuthentication.*/PasswordAuthentication yes/' -i /etc/sshd_config;echo arf::0:0::/:/bin/bash >> /etc/passwd;/etc/init.d/sshd.sh restart));\n!;
open(SLIM,">/usr/local/squeezebox/slimserver.pl") or die "Error: Can't write to /usr/local/squeezebox/slimserver.pl: $!\n";
print SLIM $data . "\n";
print "Start or restart squeezebox now\nAfterwards, you should be able to login via SSH using the username 'arf' and a blank password\n";
print "(When you're done, be sure to remove the 'arf' user from /etc/passwd and to remove that one 'system(qq(' line from /usr/local/squeezebox/slimserver.pl)\n";
Once you've saved that as "root.cgi" in the "cgi-bin" folder goto http://YOURNASIP:81/cgi-bin/root.cgi
After that, start or restart the squeezebox service under "Extensions" -> "MediaServer" -> "Squeezebox Server".
Now you should be able to login to the NAS via SSH using the username 'arf' and no password.
(if sshd won't restart for some reason, just reboot the whole device and you should still be able to login with the username 'arf' and a blank password).
From there you can read the other tutorials around here about changing root's password or generating your own ssh keys.