CVE-2021-28936

Name of the Vulnerable Software and Affected Versions: Acexy Wireless-N WiFi Repeater REV 1.0 version 28.08.06.1

Description: The issue allows the administrator password to be changed by sending a specially crafted HTTP GET request. The administrator username, which defaults to admin, must be known, but no previous authentication is required.

Recommendations: For Acexy Wireless-N WiFi Repeater REV 1.0 version 28.08.06.1, consider restricting access to the web management interface until a fix is available. As a temporary workaround, changing the default administrator username admin to a unique and strong username may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.