Lucene search
K

31 matches found

Nuclei
Nuclei
added 11 hours ago32 views

Hongdian H8922 3.0.5 - Information Disclosure

Hongdian H8922 3.0.5 is susceptible to information disclosure. An attacker can access cli.conf with the administrator password and other sensitive data via /backup2.cgi and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-28150 info:...

5.5CVSS6.2AI score0.02584EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday109 views

Hongdian H8922 3.0.5 Devices - Local File Inclusion

Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out wi...

6.5CVSS6.9AI score0.13751EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.6 views

CVE-2021-28149

Hongdian H8922 3.0.5 devices allow Directory Traversal. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out with a web...

6.5CVSS6.8AI score0.13751EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.9 views

CVE-2021-28150

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf with the administrator password and other sensitive data via /backup2.cgi...

5.5CVSS6.9AI score0.02584EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.6 views

CVE-2021-28151

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...

9CVSS7.7AI score0.27912EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:33 p.m.6 views

CVE-2021-28152

Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn...

9.8CVSS7AI score0.05185EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/07 12:0 a.m.8 views

VulnCheck KEV: CVE-2021-28152

Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn...

9.8CVSS7.3AI score0.05185EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2021/10/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-28149

Hongdian H8922 3.0.5 devices allow Directory Traversal. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out with a web...

6.5CVSS7AI score0.13751EPSS
Exploits1References1
Check Point Advisories
Check Point Advisories
added 2021/05/27 12:0 a.m.6 views

Hongdian H8922 Command Injection (CVE-2021-28151; CVE-2021-28149)

A command injection vulnerability exists in Hongdian H8922. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

9CVSS5.4AI score0.27912EPSS
Exploits2
NVD
NVD
added 2021/05/06 4:15 p.m.19 views

CVE-2021-28151

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...

9CVSS0.27912EPSS
Exploits1References2
OSV
OSV
added 2021/05/06 4:15 p.m.2 views

CVE-2021-28152

Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn...

9.8CVSS5.8AI score0.05185EPSS
Exploits1References2
NVD
NVD
added 2021/05/06 4:15 p.m.16 views

CVE-2021-28149

Hongdian H8922 3.0.5 devices allow Directory Traversal. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out with a web...

6.5CVSS0.13751EPSS
Exploits1References2
OSV
OSV
added 2021/05/06 4:15 p.m.4 views

CVE-2021-28149

Hongdian H8922 3.0.5 devices allow Directory Traversal. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out with a web...

6.5CVSS6.9AI score0.13751EPSS
Exploits1References2
OSV
OSV
added 2021/05/06 4:15 p.m.4 views

CVE-2021-28151

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...

8.8CVSS7.3AI score0.27912EPSS
Exploits1References2
NVD
NVD
added 2021/05/06 4:15 p.m.17 views

CVE-2021-28150

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf with the administrator password and other sensitive data via /backup2.cgi...

5.5CVSS0.02584EPSS
Exploits1References2
OSV
OSV
added 2021/05/06 4:15 p.m.4 views

CVE-2021-28150

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf with the administrator password and other sensitive data via /backup2.cgi...

5.5CVSS6.1AI score0.02584EPSS
Exploits1References2
Prion
Prion
added 2021/05/06 4:15 p.m.16 views

Default credentials

Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn...

7.5CVSS9.4AI score0.05185EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/05/06 4:15 p.m.25 views

Directory traversal

Hongdian H8922 3.0.5 devices allow Directory Traversal. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out with a web...

4CVSS6.4AI score0.13751EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/05/06 4:15 p.m.15 views

Command injection

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...

9CVSS9.2AI score0.27912EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/05/06 4:15 p.m.22 views

Default credentials

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf with the administrator password and other sensitive data via /backup2.cgi...

2.1CVSS5.5AI score0.02584EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder