Vulnerability Description
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hongdian | H8922 Firmware | 3.0.5 |
| Hongdian | H8922 | - |
Related Weaknesses (CWE)
References
- http://en.hongdian.com/Products/Details/H8922ProductVendor Advisory
- https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ExploitThird Party Advisory
- http://en.hongdian.com/Products/Details/H8922ProductVendor Advisory
- https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ExploitThird Party Advisory
FAQ
What is CVE-2021-28149?
CVE-2021-28149 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file ...
How severe is CVE-2021-28149?
CVE-2021-28149 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-28149?
Check the references section above for vendor advisories and patch information. Affected products include: Hongdian H8922 Firmware, Hongdian H8922.