Vulnerability CVE-2021-28150
Published: 2021-05-06

Description:
Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://en.hongdian.com/Products/Details/H8922
https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
Copyright 2024, cxsecurity.com

 

Back to Top