Unauthenticated Remote Password Change Vulnerability in Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1)

Unauthenticated Remote Password Change Vulnerability in Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1)

CVE-2021-28936 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known (default:admin) whereas no previous authentication is required.

Learn more about our Web App Pen Testing.