| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
| CVE-2021-28937 | 27 Apr 202309:58 | – | circl | |
| Amazon Acexy Wireless-N WiFi Repeater REV 安全漏洞 | 29 Mar 202100:00 | – | cnnvd | |
| CVE-2021-28937 | 29 Mar 202112:04 | – | cve | |
| CVE-2021-28937 | 29 Mar 202112:04 | – | cvelist | |
| CVE-2021-28937 | 29 Mar 202113:15 | – | nvd | |
| CVE-2021-28937 | 29 Mar 202113:15 | – | osv | |
| Design/Logic Flaw | 29 Mar 202113:15 | – | prion | |
| CVE-2021-28937 | 9 Jan 202611:24 | – | redhatcve |
id: CVE-2021-28937
info:
name: Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure
author: geeknik
severity: high
description: Acexy Wireless-N WiFi Repeater REV 1.0 is vulnerable to password disclosure because the password.html page of the web management interface contains the administrator account password in plaintext.
impact: |
An attacker can obtain the repeater's password, compromising the security of the network.
remediation: |
Update the firmware to the latest version or replace the vulnerable repeater with a secure alternative.
reference:
- https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990
- http://acexy.com
- https://nvd.nist.gov/vuln/detail/CVE-2021-28937
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2021-28937
cwe-id: CWE-312
epss-score: 0.05266
epss-percentile: 0.91562
cpe: cpe:2.3:h:acexy:wireless-n_wifi_repeater:1.0:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: acexy
product: wireless-n_wifi_repeater
tags: cve2021,cve,acexy,disclosure,iot,vuln
http:
- method: GET
path:
- "{{BaseURL}}/password.html"
matchers-condition: and
matchers:
- type: word
words:
- "Password Setting"
- "addCfg('username'"
- "addCfg('newpass'"
condition: and
- type: status
status:
- 200
# digest: 490a004630440220031ed0da0de27edb95043ab0d8de545051420445ba8900044827464568b81ad002205d898f051892af186e98c57bb4a8e97ad94c1f2138c782acf53831db6756b408:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation