VYPR

WiFi Repeater Firmware

by Twsz

CVEs (4)

  • CVE-2017-8772CriSep 20, 2017
    risk 0.64cvss 9.8epss 0.01

    On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code that attacker desires…

  • CVE-2017-8771CriSep 20, 2017
    risk 0.64cvss 9.8epss 0.01

    On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is connected to the repeater click on a malicious link that will log into the…

  • CVE-2017-13713HigSep 7, 2017
    risk 0.61cvss 8.8epss 0.09

    T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg.

  • CVE-2017-8770HigSep 20, 2017
    risk 0.53cvss 7.5epss 0.10

    There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.