admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-06 02:31:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/Hongdian/CVE-2021-28149
History
xiaoheihei1107 d6b5a92c46
Add CVE-2021-28149
2021-08-14 18:33:51 +08:00
..
Hongdian_H8922_Arbitrary_File_Read_CVE_2021_28149.gif
Add CVE-2021-28149
2021-08-14 18:33:51 +08:00
README.md
Add CVE-2021-28149
2021-08-14 18:33:25 +08:00

README.md

Hongdian H8922 Arbitrary File Read (CVE-2021-28149)

Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.

FOFA query rule: banner="WWW-Authenticate: Basic realm=" && banner="Server Status"

Demo