CVE-2021-28936

HIGH

Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) - Unauthenticated Administrator Password Change

Title source: llm

Description

The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known (default:admin) whereas no previous authentication is required.

References (3)

Core 3

Core References

Exploit, Third Party Advisory x_refsource_misc

https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990

Broken Link x_refsource_misc

http://acexy.com

Broken Link x_refsource_misc

http://wireless-n.com

Scores

CVSS v3 7.5

EPSS 0.0260

EPSS Percentile 83.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-863

Status published

Products (1)

acexy/wireless-n_wifi_repeater_firmware 28.08.06.1

Published Mar 29, 2021

Tracked Since Feb 18, 2026