PT-2021-17776 · Hongdian · Hongdian H8922

Konstantin Burov

Published

2021-05-06

Updated

2022-07-12

CVE-2021-28150

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Hongdian H8922 version 3.0.5

Description: The issue allows an unprivileged guest user to read sensitive data, including the administrator password, from the cli.conf file via the /backup2.cgi API endpoint.

Recommendations: For Hongdian H8922 version 3.0.5, restrict access to the /backup2.cgi API endpoint to prevent unauthorized users from reading the cli.conf file. As a temporary workaround, consider limiting the privileges of the guest user until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-425

Related Identifiers

CVE-2021-28150

Affected Products

Hongdian H8922

PT-2021-17776 · Hongdian · Hongdian H8922

CVE-2021-28150

Weakness Enumeration

Related Identifiers

Affected Products

References · 5