NVD Vulnerability Detail

CVE-2021-30028

Summary	SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials (the admin password for the admin account) to access the TELNET service, allowing attackers to erase/read/write the firmware remotely.
Publication Date	May 21, 2022, 12:15 a.m.
Registration Date	May 21, 2022, 10 a.m.
Last Update	Nov. 21, 2024, 3:03 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:sooteway_wi-fi_range_extender_project:sooteway_wi-fi_range_extender:1.5:::::::*
execution environment
1	cpe:2.3:h:sooteway_wi-fi_range_extender_project:sooteway_wi-fi_range_extender:-:::::::*

Related information, measures and tools

No	URL	タグ
1	https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990	Exploit Third Party Advisory
2	https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990	Exploit Third Party Advisory
3	https://www.amazon.it/SOOTEWAY-Ripetitore-Extender-Wireless-Wmplificatore/dp/B08G55T46P	Product
4	https://www.amazon.it/SOOTEWAY-Ripetitore-Extender-Wireless-Wmplificatore/dp/B08G55T46P	Product

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-287	不適切な認証	https://cwe.mitre.org/data/definitions/287.html

JVN Vulnerability Information

sooteway wi-fi range extender project の sooteway wi-fi range extender における重要な機能に対する認証の欠如に関する脆弱性

Title	sooteway wi-fi range extender project の sooteway wi-fi range extender における重要な機能に対する認証の欠如に関する脆弱性
Summary	sooteway wi-fi range extender project の sooteway wi-fi range extender には、重要な機能に対する認証の欠如に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	参考情報を参照して適切な対策を実施してください。
Publication Date	April 2, 2021, midnight
Registration Date	Aug. 10, 2023, 5:28 p.m.
Last Update	Aug. 10, 2023, 5:28 p.m.

Affected System

sooteway wi-fi range extender project

sooteway wi-fi range extender 1.5

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-30028	https://www.cve.org/CVERecord?id=CVE-2021-30028
National Vulnerability Database (NVD)
2	CVE-2021-30028	https://nvd.nist.gov/vuln/detail/CVE-2021-30028

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-306	https://cwe.mitre.org/data/definitions/306.html

その他

No	Name	URL
関連文書
1	blog-ssh3ll.medium.com (acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990)	https://blog-ssh3ll.medium.com/acexy-wireless-n-wifi-repeater-vulnerabilities-8bd5d14a2990
2	www.amazon.it (B08G55T46P)	https://www.amazon.it/SOOTEWAY-Ripetitore-Extender-Wireless-Wmplificatore/dp/B08G55T46P

Change Log

No	Changed Details	Date of change
1	[2023年08月10日] 掲載	Aug. 10, 2023, 5:28 p.m.