On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code that attacker desires (malicious or not).
References
Link | Resource |
---|---|
http://www.digitalwhisper.co.il/files/Zines/0x56/DW86-1-RepeaterHack.pdf | Third Party Advisory |
http://www.digitalwhisper.co.il/files/Zines/0x56/DW86-1-RepeaterHack.pdf | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:34
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.digitalwhisper.co.il/files/Zines/0x56/DW86-1-RepeaterHack.pdf - Third Party Advisory |
Information
Published : 2017-09-20 14:29
Updated : 2024-11-21 03:34
NVD link : CVE-2017-8772
Mitre link : CVE-2017-8772
CVE.ORG link : CVE-2017-8772
JSON object : View
Products Affected
twsz
- wifi_repeater_firmware
- wifi_repeater
CWE
CWE-798
Use of Hard-coded Credentials