Headline
CVE-2022-34572: CVE_Request/WiFi-Repeater_tftp.md at main · pghuanghui/CVE_Request
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt.
Permalink
Cannot retrieve contributors at this time
0x01 Vulnerability description
A vulnerability is in the ‘tftp.txt’ page of the Wavlink-WiFi-Repeater,Firmware package version RPTA2-77W.M4300.01.GD.2017Sep19,The attacker can access the constructed page to obtain the telnet account password.
Unauthorized users can obtain the key information of the router by visiting:
http://xxx.xxx.xxx.xxx/tftp.txt
0x02 Affected version****0x03 Vulnerability
The txt text does not set reasonable access rights.
0x04 PoC verification
0x05 Acknowledgement
Penwei.Huang