Sitecom WLX-2006 Wall Mount Range Extender N300 Default Credentials Vulnerability

A vulnerability allowing unauthorized access through default credentials has been identified in the Sitecom WLX-2006 Wall Mount Range Extender N300, all firmware versions through 1.5. The issue arises from hardcoded credentials in the Telnet service, which can be exploited by remote attackers to gain full administrative access to the device. This access allows for command execution, configuration dumping, and further exploitation of the system.

Impact

Exploitation of this vulnerability grants full administrative access to the device via Telnet, allowing for command execution and potential further exploitation of the system.

Reproduction

To reproduce this vulnerability, initiate a Telnet session to the IP address of the vulnerable Sitecom WLX-2006 extender on port 23. Use 'root' as both the username and password to gain administrative access.