49 matches found
Hongdian H8922 3.0.5 - Remote Command Injection
Hongdian H8922 3.0.5 devices are susceptible to remote command injection via shell metacharacters into the ip-address a/k/a Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest. An attacker can execute malware, obtain sensitive informatio...
Hongdian H8922 3.0.5 Devices - Local File Inclusion
Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out wi...
Hongdian H8922 3.0.5 - Information Disclosure
Hongdian H8922 3.0.5 is susceptible to information disclosure. An attacker can access cli.conf with the administrator password and other sensitive data via /backup2.cgi and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-28150 info:...
CVE-2021-28149
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out with a web...
CVE-2021-28150
Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf with the administrator password and other sensitive data via /backup2.cgi...
CVE-2021-28151
Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...
CVE-2021-28152
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn...
Hongdian Router H8951-4G-ESP Security Vulnerability
The Hongdian Router H8951-4G-ESP is a wireless router from China Hongdian. A security vulnerability exists in versions prior to Hongdian H8951-4G-ESP 2310271149. An attacker can use this vulnerability to upload an arbitrary CGI-compatible file using a certificate and execute the file with root...
Hongdian Router H8951-4G-ESP Security Vulnerability
The Hongdian Router H8951-4G-ESP is a wireless router from Hongdian, China. A security vulnerability exists in the Hongdian Router H8951-4G-ESP prior to version 2310271149, which can be exploited to access the router console without authenticating in the "data" field. An attacker could use this...
Hongdian Router H8951-4G-ESP Security Vulnerability
The Hongdian Router H8951-4G-ESP is a wireless router from China Hongdian. A security vulnerability exists in versions prior to Hongdian Router H8951-4G-ESP 2310271149. An attacker could exploit this vulnerability to perform cross-site scripting attacks...
Hongdian Router H8951-4G-ESP Security Vulnerability
The Hongdian Router H8951-4G-ESP is a wireless router from China Hongdian. A security vulnerability exists in versions prior to Hongdian Router H8951-4G-ESP 2310271149. An attacker could exploit this vulnerability to perform cross-site scripting attacks...
Hongdian Router H8951-4G-ESP Security Vulnerability
The Hongdian Router H8951-4G-ESP is a wireless router from Hongdian, China. A security vulnerability exists in the Hongdian Router H8951-4G-ESP prior to version 2310271149, which stems from the "tokenKey" value used in user authorization being visible in the HTML source code of the login page...
Hongdian Router H8951-4G-ESP Security Vulnerability
The Hongdian Router H8951-4G-ESP is a wireless router from China Hongdian. A security vulnerability exists in versions prior to Hongdian Router H8951-4G-ESP 2310271149, which originates from the ability to unauthorizedly download a configuration backup and decrypt the contained passwords using a...
Hongdian Router H8951-4G-ESP Trust Management Issues Vulnerability
The Hongdian Router H8951-4G-ESP is a wireless router from China Hongdian. A security vulnerability exists in versions prior to Hongdian Router H8951-4G-ESP 2310271149 that stems from the use of hard-coded passwords...
Hongdian Router H8951-4G-ESP Security Vulnerability
The Hongdian Router H8951-4G-ESP is a wireless router from China Hongdian. A security vulnerability exists in versions prior to Hongdian Router H8951-4G-ESP 2310271149. An attacker can exploit this vulnerability to execute arbitrary commands in a root user environment...
Hongdian Router H8951-4G-ESP Security Vulnerability
The Hongdian Router H8951-4G-ESP is a wireless router from China Hongdian. A security vulnerability exists in versions prior to Hongdian H8951-4G-ESP 2310271149. An attacker can exploit this vulnerability to bypass the authentication mechanism by overflowing the value of the "authentication" fiel...
Hongdian Router H8951-4G-ESP Security Vulnerability
The Hongdian Router H8951-4G-ESP is a wireless router from China Hongdian. A security vulnerability exists in versions prior to Hongdian H8951-4G-ESP 2310271149, which stems from the authentication cookie being generated using an algorithm based on a username, hard-coded password, and uptime, and...
VulnCheck KEV: CVE-2021-28151
Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...
VulnCheck KEV: CVE-2021-28152
Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn...
VulnCheck KEV: CVE-2021-28149
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out with a web...