CVE-2021-30028 – SOOTEWAY Wi-Fi Range Extender v1.5 uses default... (How to Fix)

Q: What is the severity of CVE-2021-30028?

CVE-2021-30028 has a CVSS score of 7.2 (HIGH). SOOTEWAY Wi-Fi Range Extender v1.5 uses default admin credentials for its TELNET service, allowing attackers to remotely access and modify the device firmware. This affects users who haven't changed the default password on these specific range extenders.

📋 TL;DR

SOOTEWAY Wi-Fi Range Extender v1.5 uses default admin credentials for its TELNET service, allowing attackers to remotely access and modify the device firmware. This affects users who haven't changed the default password on these specific range extenders.

💻 Affected Systems

Products:

SOOTEWAY Wi-Fi Range Extender

Versions: v1.5

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects devices with TELNET service enabled and default credentials unchanged.

📦 What is this software?

Sooteway Wi Fi Range Extender by Sooteway Wi Fi Range Extender Project

View all CVEs affecting Sooteway Wi Fi Range Extender →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full control of the device, erase or replace firmware with malicious code, create persistent backdoors, and potentially pivot to attack other network devices.

🟠

Likely Case

Attackers access the device via TELNET using default credentials, read sensitive configuration data, and potentially disrupt network connectivity.

🟢

If Mitigated

With proper password management and network segmentation, impact is limited to isolated device compromise without network-wide consequences.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires TELNET access and knowledge of default credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Change default admin password immediately.

🔧 Temporary Workarounds

Change Default Credentials

all

Change the admin password from default to a strong, unique password.

telnet [device_ip]
login: admin
password: [current_password]
set password [new_password]

Disable TELNET Service

all

Disable TELNET service if not required for device management.

telnet [device_ip]
login: admin
password: [password]
disable telnet

🧯 If You Can't Patch

Change default admin password immediately
Disable TELNET service if not needed
Isolate device on separate VLAN
Implement network access controls to restrict TELNET access

🔍 How to Verify

Check if Vulnerable:

Attempt TELNET connection to device on port 23 using default credentials (admin/admin).

Check Version:

Check device web interface or packaging for firmware version.

Verify Fix Applied:

Verify TELNET access is denied with default credentials and new password works.

📡 Detection & Monitoring

Log Indicators:

Failed TELNET authentication attempts
Successful TELNET logins with default credentials

Network Indicators:

TELNET connections to device on port 23
Unusual firmware modification traffic

SIEM Query:

source="device_logs" AND (event="TELNET login" AND user="admin")

📊 Metadata

CVE ID: CVE-2021-30028

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-287

Published: May 20, 2022

Last Updated: November 21, 2024

🔗 References

https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990 Exploit,Third Party Advisory
https://www.amazon.it/SOOTEWAY-Ripetitore-Extender-Wireless-Wmplificatore/dp/B08G55T46P Product
https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990 Exploit,Third Party Advisory
https://www.amazon.it/SOOTEWAY-Ripetitore-Extender-Wireless-Wmplificatore/dp/B08G55T46P Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-30028, you might also want to check these: