CVE-2021-28149

Name of the Vulnerable Software and Affected Versions: Hongdian H8922 version 3.0.5

Description: The issue allows Directory Traversal due to the /log download.cgi log export handler not validating user input. A remote attacker with minimal privileges can download any file from the device by substituting ../, for example, ../../etc/passwd. This can be carried out with a web browser by changing the file name accordingly, such as visiting /log download.cgi?type=../../etc/passwd and logging in, which allows the download of the contents of the /etc/passwd file.

Recommendations: For Hongdian H8922 version 3.0.5, as a temporary workaround, consider restricting access to the /log download.cgi endpoint until a patch is available. Avoid using the type parameter in the /log download.cgi endpoint with unvalidated input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.