CVE-2017-8770

HIGH

BE126 WIFI Repeater 1.0 - Local File Disclosure via getpage Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-8770. PoCs published by Hay Mizrachi.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in WIFI Repeater BE126 via the 'getpage' parameter. It allows unauthenticated attackers to read sensitive files like /etc/passwd and /etc/shadow by manipulating the URL path.

Description

There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.

Exploits (1)

exploitdb WORKING POC

by Hay Mizrachi · pythonwebappshardware

https://www.exploit-db.com/exploits/42547

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in WIFI Repeater BE126 via the 'getpage' parameter. It allows unauthenticated attackers to read sensitive files like /etc/passwd and /etc/shadow by manipulating the URL path.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WIFI Repeater BE126 1.0

No auth needed

Prerequisites: Network access to the target device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Technical Description, Third Party Advisory x_refsource_misc

http://www.digitalwhisper.co.il/files/Zines/0x56/DW86-1-RepeaterHack.pdf

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42547/

Scores

CVSS v3 7.5

EPSS 0.1029

EPSS Percentile 95.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

twsz/wifi_repeater_firmware

Published Sep 20, 2017

Tracked Since Feb 18, 2026