PT-2022-9947 · Sooteway · Sooteway Wi-Fi Range Extender
Published
2022-05-20
·
Updated
2023-08-08
·
CVE-2021-30028
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
SOOTEWAY Wi-Fi Range Extender version 1.5
Description
The issue allows attackers to access the TELNET service using default credentials, specifically the admin password for the admin account. This access enables attackers to erase, read, or write the firmware remotely.
Recommendations
For SOOTEWAY Wi-Fi Range Extender version 1.5, change the default admin password to a strong, unique password to prevent unauthorized access to the TELNET service. As a temporary workaround, consider disabling the TELNET service until a patch is available. Restrict access to the device to minimize the risk of exploitation.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sooteway Wi-Fi Range Extender