Hongdian H8922 Backend Administrator Information Leakage Vulnerability Cve 2021 28151
Hongdian H8922 Backend Administrator Information Leakage Vulnerability Cve 2021 28151
Hongdian H8922 Backend Administrator Information Leakage Vulnerability CVE-2021-28151
Vulnerability Description
There is a loophole in the background of Hongdian H8922. The attacker logs in with any account and accesses special Url to obtain all users’ accounts and passwords.
Vulnerability Impact
HongDrive H8922
Network surveying and mapping
app:”Hongdian H8922 Industrial Router”
Vulnerability reappears
Log in to the background (there is the default account password of the guest user guest/guest)
The vulnerability exists in the backup2.cgi file
After analysis, we can know that the /tmp/hdconfig/cli.conf configuration file will be read after actual operation.
The configuration file contains all user passwords and sensitive configuration information.
This post is licensed under CC BY 4.0 by the author.