CVE-2021-28936

Description


The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be changed by sending a specially crafted HTTP GET request. The administrator username has to be known (default:admin) whereas no previous authentication is required.

CvssV3 impact


BaseSeverity

HIGH

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

NONE

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

7.5

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact


AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

NONE

IntegrityImpact

PARTIAL

BaseScore

5

VectorString

AV:N/AC:L/Au:N/C:N/I:P/A:N

Version

2.0

AccessVector

NETWORK

Authentication

NONE