PT-2021-17777 · Hongdian · Hongdian H8922

Konstantin Burov +1 · Published 2021-05-06 · Updated 2021-05-13 · CVE-2021-28151

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Hongdian H8922 version 3.0.5
Description: The issue allows OS command injection via shell metacharacters into the ip-address field, also known as the Destination field, in the tools.cgi ping command. This command is accessible using the username guest and password guest.
Recommendations: For Hongdian H8922 version 3.0.5, consider restricting access to the tools.cgi ping command until a patch is available. As a temporary workaround, avoid using shell metacharacters in the ip-address field to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2021-28151
Affected Products: Hongdian H8922