Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.
CPE | Name | Operator | Version |
---|---|---|---|
h8922_firmware | eq | 3.0.5 |