Hongdian H8922 Firmware vulnerabilities
4 known vulnerabilities affecting hongdian/h8922_firmware.
Total CVEs: 4
CISA KEV: 0
Public exploits: 3
Exploited in wild: 4
Severity breakdown
CRITICAL: 1, HIGH: 1, MEDIUM: 2
Vulnerabilities
CVE-2021-28151 | P1 | HIGH | CVSS 8.8 | CWE-78 | Exploited | PoC | v3.0.5 | 2021-05-06
Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.
Source: NVD

CVE-2021-28149 | P2 | MEDIUM | CVSS 6.5 | CWE-22 | Exploited | PoC | v3.0.5 | 2021-05-06
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd). This can be carried out with a web browser by changing the file name accordingly. Upon visi
Source: NVD

CVE-2021-28150 | P2 | MEDIUM | CVSS 5.5 | CWE-425 | Exploited | PoC | v3.0.5 | 2021-05-06
Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.
Source: NVD

CVE-2021-28152 | P1 | CRITICAL | CVSS 9.8 | CWE-287 | Exploited | v3.0.5 | 2021-05-06
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn.
Source: NVD