Default Credentials in SOOTEWAY Wi-Fi Range Extender v1.5 Allow Remote Firmware Manipulation

Default Credentials in SOOTEWAY Wi-Fi Range Extender v1.5 Allow Remote Firmware Manipulation

CVE-2021-30028 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials (the admin password for the admin account) to access the TELNET service, allowing attackers to erase/read/write the firmware remotely.

Learn more about our Web Application Penetration Testing UK.