4 matches found
CVE-2021-28149
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out with a web...
Hongdian H8922 Command Injection (CVE-2021-28151; CVE-2021-28149)
A command injection vulnerability exists in Hongdian H8922. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2021-28149
CVE-2021-28149 (Hongdian H8922 3.0.5) is a local file inclusion vulnerability in the device’s /log_download.cgi log export handler. The issue arises because user input is not validated, allowing a remote attacker with minimal privileges to download arbitrary files from the device by substituting ...
CVE-2021-28149
creationtimestamp| type| source ---|---|--- 2021-04-29 07:23:32+00:00| published-proof-of-concept| https://t.me/pwnwikizhchannel/277 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-28149.yaml 2025-01-26 00:00:00+00:00|...