Sadshade

Name of the Vulnerable Software and Affected Versions: Hongdian H8922 version 3.0.5 Description: The issue allows Directory Traversal due to the /log download.cgi log export handler not validating user input. A remote attacker with minimal privileges can download any file from the device by substituting ../, for example, ../../etc/passwd. This can be carried out with a web browser by changing the file name accordingly, such as visiting /log download.cgi?type=../../etc/passwd and logging in, which allows the download of the contents of the /etc/passwd file. Recommendations: For Hongdian H8922 version 3.0.5, as a temporary workaround, consider restricting access to the /log download.cgi endpoint until a patch is available. Avoid using the `type` parameter in the /log download.cgi endpoint with unvalidated input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Hongdian H8922 version 3.0.5 Description: The issue allows an unprivileged guest user to read sensitive data, including the administrator password, from the cli.conf file via the /backup2.cgi API endpoint. Recommendations: For Hongdian H8922 version 3.0.5, restrict access to the /backup2.cgi API endpoint to prevent unauthorized users from reading the cli.conf file. As a temporary workaround, consider limiting the privileges of the guest user until a patch is available.

Name of the Vulnerable Software and Affected Versions: Hongdian H8922 version 3.0.5 Description: The issue allows OS command injection via shell metacharacters into the `ip-address` field, also known as the Destination field, in the `tools.cgi` ping command. This command is accessible using the username `guest` and password `guest`. Recommendations: For Hongdian H8922 version 3.0.5, consider restricting access to the `tools.cgi` ping command until a patch is available. As a temporary workaround, avoid using shell metacharacters in the `ip-address` field to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Hongdian H8922 version 3.0.5 Description: The issue concerns an undocumented feature in the affected device, allowing unauthorized access to a shell with superuser privileges. This access is facilitated through the telnet service on port 5188, using default credentials `root` and `superzxmn`. Recommendations: For Hongdian H8922 version 3.0.5, consider changing the default credentials immediately and restrict access to the telnet service on port 5188 to prevent unauthorized access. As a temporary workaround, consider disabling the telnet service until a more secure configuration or update is available.