A vulnerability is in the 'fctest.shtml' page of the Wavlink-WiFi-Repeater,Firmware package version RPTA2-77W.M4300.01.GD.2017Sep19,Information about the repeater can be obtained by accessing the constructed URL.
Unauthorized users can obtain the key information of the router by visiting:
http://xxx.xxx.xxx.xxx/fctest.shtml
Wavlink-WiFi-Repeater
When the router is running, all the operations of the user are stored in the syslog.shtml page, and the identity verification process is not performed
Penwei.Huang

