2021-04-15 20:20:27 +00:00
id : CVE-2021-28937
info :
name : Acexy Wireless-N WiFi Repeater Password Disclosure
author : geeknik
2021-04-15 20:31:01 +00:00
description : The password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 contains the administrator account password in plaintext.
2021-04-15 20:20:27 +00:00
reference : https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990
2021-09-10 11:26:40 +00:00
severity : high
2021-04-15 20:20:27 +00:00
tags : cve,cve2021,acexy,disclosure,iot
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score : 7.50
cve-id : CVE-2021-28937
cwe-id : CWE-312
2021-04-15 20:20:27 +00:00
requests :
- method : GET
2021-04-15 20:51:48 +00:00
path :
- "{{BaseURL}}/password.html"
2021-04-15 20:20:27 +00:00
matchers-condition : and
matchers :
- type : status
status :
- 200
- type : word
words :
- "Password Setting"
- "addCfg('username'"
- "addCfg('newpass'"
condition : and
