H8922 Firmware Security Vulnerabilities


CVE-2021-28152

Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of...

9.8 CVSS

9.3 AI Score

0.005 EPSS

2021-05-06 04:15 PM

CVE-2021-28150

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via...

5.5 CVSS

5.5 AI Score

0.003 EPSS

2021-05-06 04:15 PM

CVE-2021-28149

Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd). This can be carried out with a web...

6.5 CVSS

6.7 AI Score

0.076 EPSS

2021-05-06 04:15 PM

CVE-2021-28151

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password...

8.8 CVSS

9 AI Score

0.964 EPSS

2021-05-06 04:15 PM