cvebase

Hongdian H8922 Firmware vulnerabilities

4 known vulnerabilities affecting hongdian/h8922_firmware.

Total CVEs: 4
CISA KEV: 0
Public exploits: 3
Exploited in wild: 4
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2021-28151 | P1 | HIGH | CVSS 8.8 | Exploited | PoC | v3.0.5 | 2021-05-06
CWE-78: Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.
Source: nvd
CVE-2021-28149 | P2 | MEDIUM | CVSS 6.5 | Exploited | PoC | v3.0.5 | 2021-05-06
CWE-22: Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd). This can be carried out with a web browser by changing the file name accordingly. Upon visi
Source: nvd
CVE-2021-28150 | P2 | MEDIUM | CVSS 5.5 | Exploited | PoC | v3.0.5 | 2021-05-06
CWE-425: Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.
Source: nvd
CVE-2021-28152 | P1 | CRITICAL | CVSS 9.8 | Exploited | v3.0.5 | 2021-05-06
CWE-287: Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn.
Source: nvd