CVE-2021-28150
published 2021-05-06

CVE-2021-28150: Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.

Priority: P277 · medium 5.5 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
ITW exploit: VulnCheck KEV (Exploited in the wild)
EPSS: 2.58% (83.3rd percentile)

Affected (1 range)

Vendor     Product          Version range   Fixed in
hongdian   h8922_firmware

Detection & IOCs (extracted from sources)

path: /backup2.cgi
filename: cli.conf
other: Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=
  • HTTP response Content-Type header 'application/octet-stream' on /backup2.cgi indicates successful config file download
  • Response body containing 'CLI configuration saved from vty' or 'service webadmin' confirms sensitive configuration disclosure via /backup2.cgi
  • Unauthenticated or guest-authenticated GET request to /backup2.cgi returning HTTP 200 with octet-stream body is the exploit pattern
  • The Base64 credential 'Z3Vlc3Q6Z3Vlc3Q=' decodes to 'guest:guest' and 'YWRtaW46YWRtaW4=' decodes to 'admin:admin' — these are default credentials used in the exploit; real deployments may use different passwords, but the path /backup2.cgi remains the vulnerable endpoint regardless of credentials.
  • Vulnerability is specific to Hongdian H8922 firmware version 3.0.5; other versions are not confirmed affected.
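The indicators above, turned into a small detector as an added example (not part of this record or of any vendor tooling): it grades request/response records against the endpoint, the octet-stream download pattern and the cli.conf body markers, and decodes the Basic credential to name the user. The dict shape of a record and the sample records are assumptions constructed for the example.

```python
import base64
import re

# Indicators taken from the record above: the endpoint and the cli.conf body markers.
VULN_PATH = "/backup2.cgi"
BODY_MARKERS = ("CLI configuration saved from vty", "service webadmin")

def basic_auth_user(auth_header):
    """Username from an 'Authorization: Basic <base64>' value, or None if absent/malformed."""
    m = re.match(r"Basic\s+(\S+)$", auth_header or "")
    if not m:
        return None
    try:
        creds = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error (bad base64) is a ValueError subclass
        return None
    return creds.split(":", 1)[0]

def classify(event):
    """Grade one request/response record (assumed proxy/WAF dict shape, hypothetical).
    Returns None for unrelated traffic, else {"verdict", "user", "src"} with verdict
    "confirmed" (body carries a cli.conf marker), "likely" (HTTP 200 + octet-stream)
    or "attempt" (any other GET to the endpoint, still worth logging)."""
    path = event.get("path", "").split("?", 1)[0]  # ignore any query string
    if event.get("method") != "GET" or path != VULN_PATH:
        return None
    body, ctype = event.get("body", ""), event.get("content_type", "")
    if any(marker in body for marker in BODY_MARKERS):
        verdict = "confirmed"
    elif event.get("status") == 200 and ctype.startswith("application/octet-stream"):
        verdict = "likely"
    else:
        verdict = "attempt"
    return {"verdict": verdict, "user": basic_auth_user(event.get("authorization")), "src": event.get("src")}

def scan(events):
    """Run classify() over a batch of records and keep only the hits."""
    return [hit for hit in map(classify, events) if hit is not None]

# Constructed sample records (not real traffic), one per outcome.
SAMPLE_EVENTS = [
    {"src": "10.0.0.5", "method": "GET", "path": "/backup2.cgi", "status": 200,
     "content_type": "application/octet-stream", "authorization": "Basic Z3Vlc3Q6Z3Vlc3Q=",
     "body": "!\n! CLI configuration saved from vty\n!\nservice webadmin\n"},
    {"src": "10.0.0.9", "method": "GET", "path": "/backup2.cgi?x=1", "status": 401,
     "content_type": "text/html", "authorization": None, "body": ""},
    {"src": "10.0.0.7", "method": "GET", "path": "/index.cgi", "status": 200,
     "content_type": "text/html", "authorization": "Basic YWRtaW46YWRtaW4=", "body": ""},
]
```

A "likely" or "confirmed" hit whose user is not an administrator is the case this CVE describes; an admin download of the same file may be routine and should be triaged with that in mind.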

CVSS provenance

nvd v3.1: 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd v2.0: 2.1 LOW AV:L/AC:L/Au:N/C:P/I:N/A:N
vulncheck: 5.5 MEDIUM