So I’ve not-so-recently had to buy one of those WiFi range extender… things. I’ve opted to pick the AirTies Air 4930… thing, as my ISP offered that one for relatively cheap :)
After a quick setup of the devices I was presented with a gorgeous admin interface:
Although I spent some time fiddling around with the settings and interesting looking functionality, I did not find readily exploitable web vulnerabilities which would have be fun to talk about (sorry).
Instead, I’ve discovered a fun little feature. If you listen closely when navigating to the admin interface, you might just start disliking your newly bought WiFi range extender:
I’m sure there’s a good reason why my password for accessing the AirTies admin interface is hurled at me in cleartext by just navigating to the login page. 😾