The following advisory describes two (2) vulnerabilities found in Coredy CX-E120 Repeater.
The Coredy CX-E120 WiFi Range Extender is “a network device with multifunction, which can be using for increasing the distance of a WiFi network by boosting the existing WiFi signal and enhancing the overall signal quality over long distances. An extender repeats the signals from an existing WiFi router or access point.”
The vulnerabilities found are:
- Unauthenticated Root Password Reset
- Unauthenticated Remote Command Execution
An independent security researcher, Corben Douglas (@sxcurity), has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program
Coredy has released patches to address these vulnerabilities (WN575A3-A-RPTA3-75W.M4300.01.GD.2017Nov22-WEBC.bin).