PT-2021-17782 · Unknown · Wireless-N Wifi Repeater

Published: 2021-03-18 · Updated: 2021-03-25

CVE-2021-28160

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Wireless-N WiFi Repeater REV 1.0 (28.08.06.1)
Description: The issue is related to a reflected XSS vulnerability due to an unsanitized SSID value when it is displayed in the "Repeater Wizard" homepage section of the /repeater.html page. This vulnerability can also be exploited via a malformed SSID field during scanning for nearby access points, enabling an attacker to steal LAN credentials without being connected to the device.
Recommendations: For Wireless-N WiFi Repeater REV 1.0 (28.08.06.1), consider disabling access to the /repeater.html page or restricting the display of SSID values in the "Repeater Wizard" section until a patch is available. Avoid using the SSID value in the affected API endpoint until the issue is resolved. As a temporary workaround, restrict access to the Repeater Wizard web management section to minimize the risk of exploitation.
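
Added example (not the vendor's firmware code and not part of the original advisory): how a page listing scanned access points can render an SSID as text, with the unsanitized form the description refers to shown beside an output-encoded one. All function names and the sample scan data are hypothetical and constructed for illustration.

```javascript
// Hypothetical rendering helpers for an access-point scan list.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// An SSID is 0-32 arbitrary octets chosen by whoever runs the access point.
// It is not guaranteed to be valid UTF-8 or printable, so treat it as untrusted bytes.
function ssidToDisplayText(ssidBytes) {
  if (ssidBytes.length > 32) throw new RangeError('SSID longer than 32 octets');
  // Invalid byte sequences decode to U+FFFD instead of throwing.
  const text = new TextDecoder('utf-8', { fatal: false }).decode(ssidBytes);
  // Control characters are replaced so they cannot disturb the page layout.
  return text.replace(/[\u0000-\u001f\u007f]/g, '\ufffd');
}

// Weak form: the SSID is concatenated into markup unencoded, so any markup
// inside it is interpreted by the browser.
function renderRowUnsafe(ap) {
  return `<tr><td>${ssidToDisplayText(ap.ssid)}</td><td>${ap.channel}</td></tr>`;
}

// Hardened form: the SSID is HTML-encoded at output time and the channel is
// forced to an integer before it reaches the markup.
function renderRowSafe(ap) {
  const ssid = escapeHtml(ssidToDisplayText(ap.ssid));
  const channel = Number.isInteger(ap.channel) ? ap.channel : 0;
  return `<tr><td>${ssid}</td><td>${channel}</td></tr>`;
}

// Constructed sample scan results (benign markup only).
const enc = new TextEncoder();
const SAMPLE_SCAN = [
  { ssid: enc.encode('HomeNet'), channel: 6 },
  { ssid: enc.encode('<b>Cafe</b> & "Guest"'), channel: 11 },
];

for (const ap of SAMPLE_SCAN) {
  console.log('unsafe:', renderRowUnsafe(ap));
  console.log('safe:  ', renderRowSafe(ap));
}
```

Where the page is built in the browser, assigning the decoded SSID to an element's `textContent` rather than `innerHTML` achieves the same encoding.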

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers: CVE-2021-28160

Affected Products: Wireless-N Wifi Repeater