6 matches found
CVE-2021-28151
Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address aka Destination field to the tools.cgi ping command, which is accessible with the username guest and password guest...
EUVD-2023-53256
Malicious code in bioql PyPI...
Design/Logic Flaw
Authenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, howeve...
Hongdian H8922 Command Injection (CVE-2021-28151; CVE-2021-28149)
A command injection vulnerability exists in Hongdian H8922. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2021-28151
Hongdian H8922 3.0.5 devices are vulnerable to remote command injection in tools.cgi ping via shell metacharacters in the ip-address (Destination) field, accessible with guest/guest credentials. The Nuclei template and other sources confirm that an attacker can execute arbitrary commands on the d...
CVE-2021-28151
creationtimestamp| type| source ---|---|--- 2021-04-29 07:23:32+00:00| published-proof-of-concept| https://t.me/pwnwikizhchannel/277 2021-05-07 17:47:07+00:00| published-proof-of-concept| Telegram/FdkVDBIKpoqp16cfdJYyeV8sCKCSKU4J9zwfH0-46n3abAQ 2025-01-26 00:00:00+00:00| seen| The Shadowserver...