A vulnerability is in the 'syslog.shtml' page of the Wavlink-WiFi-Repeater,Firmware package version RPTA2-77W.M4300.01.GD.2017Sep19,Attackers can use this page to configure various functions of the repeater.
Unauthorized users can obtain the key information of the router by visiting:
http://xxx.xxx.xxx.xxx/syslog.shtml
Wavlink-WiFi-Repeater
When the router is running, all the operations of the user are stored in the syslog.shtml page, and the identity verification process is not performed
![(wavlink-WiFi-Repeater_syslog.shtml.assets/image-20220623145655255.png)
Penwei.Huang