CVE-2021-28936

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthenticated attackers to change the administrator password on Acexy Wireless-N WiFi Repeater devices by sending a specially crafted HTTP GET request. Attackers only need to know the default admin username (admin) to exploit this flaw. All users of the affected device model with vulnerable firmware are at risk.

💻 Affected Systems

Products:
  • Acexy Wireless-N WiFi Repeater REV 1.0
Versions: Firmware version 28.08.06.1
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with this firmware version are vulnerable out-of-the-box. The web management interface is typically enabled by default.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the WiFi repeater allowing attackers to change network settings, intercept traffic, deploy malware to connected devices, or use the device as a pivot point into the internal network.

🟠 Likely Case

Unauthorized administrative access leading to network configuration changes, traffic monitoring, and potential credential theft from connected devices.

🟢 If Mitigated

Limited impact if device is behind firewall with restricted web interface access and strong network segmentation.

🌐 Internet-Facing: HIGH - Web management interface is typically accessible from the network, making internet-facing devices extremely vulnerable.
🏢 Internal Only: HIGH - Even internally, any attacker on the network can exploit this without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only a simple HTTP GET request with known default username. No authentication or special tools needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found

Restart Required: No

Instructions:

No official patch available. Check manufacturer website for firmware updates. If unavailable, implement workarounds.

🔧 Temporary Workarounds

Disable Web Management Interface

Platform: all

Disable the web management interface if not needed for regular operations

Check device documentation for disabling web interface

Network Access Control

Platform: linux

Restrict access to the repeater's management interface using firewall rules (order matters: the ACCEPT for the trusted source must precede the DROP; replace trusted_ip with the host or network allowed to reach the web UI)

iptables -A INPUT -p tcp --dport 80 -s trusted_ip -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP

🧯 If You Can't Patch

  • Replace vulnerable device with a secure alternative
  • Isolate the repeater on a dedicated VLAN with strict firewall rules preventing management interface access

🔍 How to Verify

Check if Vulnerable:

Attempt to change admin password via HTTP GET request to device IP: http://device_ip/cgi-bin/webproc?getpage=html/index.html&var:username=admin&var:password=newpassword

Check Version:

Check device web interface or console for firmware version information

Verify Fix Applied:

Attempt the same exploit after implementing controls - should fail or require authentication

📡 Detection & Monitoring

Log Indicators:

  • HTTP GET requests to /cgi-bin/webproc with password change parameters
  • Failed login attempts followed by successful password change

Network Indicators:

  • HTTP traffic to device management port (typically 80) containing password change parameters
  • Unusual administrative access from unexpected IP addresses

SIEM Query:

source="web_logs" AND uri="/cgi-bin/webproc" AND (query="*password*" OR query="*var:*")
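The log and network indicators above, and the SIEM query, can be exercised offline against access logs. The following is an added example (not part of the original advisory or any vendor tooling) that parses a few constructed combined-format log lines, flags requests to /cgi-bin/webproc that carry var:username/var:password parameters, gives a lower-severity hit for the broader "var:*" match the SIEM query uses, and separately flags management-interface access from outside an assumed trusted network (192.168.1.0/24, a placeholder). Password values are never copied into findings.

```python
import re
import ipaddress
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines in a combined-log-like format (not real device logs).
# Line 2 is the CVE-2021-28936 pattern: an unauthenticated GET carrying var:username/var:password.
SAMPLE_LOGS = """\
192.168.1.50 - - [10/Mar/2021:10:01:12 +0000] "GET /cgi-bin/webproc?getpage=html/index.html HTTP/1.1" 200 1843
203.0.113.7 - - [10/Mar/2021:10:03:55 +0000] "GET /cgi-bin/webproc?getpage=html/index.html&var:username=admin&var:password=changeme HTTP/1.1" 200 512
192.168.1.50 - - [10/Mar/2021:10:04:01 +0000] "GET /cgi-bin/webproc?getpage=html/main.html&var:menu=status HTTP/1.1" 200 2210
192.168.1.200 - - [10/Mar/2021:10:05:30 +0000] "POST /cgi-bin/webproc HTTP/1.1" 302 0
"""

# Assumed trusted management network (placeholder); adjust to the networks allowed to reach the repeater.
TRUSTED_MGMT_NETS = [ipaddress.ip_network("192.168.1.0/24")]

MGMT_PATH = "/cgi-bin/webproc"
CREDENTIAL_KEYS = {"var:username", "var:password"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one access-log line into a dict with the URL path and decoded query parameters."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["params"] = dict(parse_qsl(url.query, keep_blank_values=True))
    return rec


def classify(rec):
    """Return (severity, reason) findings for one parsed request against the management CGI."""
    findings = []
    if rec["path"] != MGMT_PATH:
        return findings
    keys = set(rec["params"])
    cred_keys = keys & CREDENTIAL_KEYS
    if cred_keys:
        # Only parameter names are reported; the submitted password value is deliberately omitted.
        findings.append(("high", f"credential parameters {sorted(cred_keys)} sent via "
                                 f"{rec['method']} (CVE-2021-28936 pattern)"))
    elif any(k.startswith("var:") for k in keys):
        # Broad match equivalent to the "var:*" clause of the SIEM query; noisy, so kept at low severity.
        other = sorted(k for k in keys if k.startswith("var:"))
        findings.append(("low", "other var: parameters present: " + ", ".join(other)))
    try:
        src = ipaddress.ip_address(rec["ip"])
        if not any(src in net for net in TRUSTED_MGMT_NETS):
            findings.append(("medium", f"management interface reached from untrusted source {src}"))
    except ValueError:
        findings.append(("medium", "unparseable source address"))
    return findings


def scan(log_text):
    """Run every line through the parser and classifier; returns a flat list of finding dicts."""
    results = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for severity, reason in classify(rec):
            results.append({"ip": rec["ip"], "ts": rec["ts"], "severity": severity, "reason": reason})
    return results


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"[{f['severity']:6}] {f['ts']} {f['ip']}: {f['reason']}")
```

Point the script at a real reverse-proxy or syslog export of the repeater's HTTP traffic (the device itself may not keep usable logs, which is why the network indicators above matter); the "low" bucket is where the page's broad "var:*" clause would need tuning before alerting on it.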
