Hongdian H8922 Backend Arbitrary File Read Vulnerability (CVE-2021-28152)
# Hongdian H8922 Backend Arbitrary File Read Vulnerability (CVE-2021-28152)
Vulnerability Description
The management backend of the Hongdian H8922 has an arbitrary file read vulnerability. A low-privileged user can use it to obtain the contents of any file.
Vulnerability Impact
Hongdian H8922
Network mapping (asset search) query
app:"Hongdian H8922 Industrial Router"
Vulnerability Reproduction
Log in to the management backend (a default guest account exists with the credentials guest/guest).
The vulnerability exists in the log_download.cgi file.
The type parameter selects the file that is read and downloaded to the user as a log. Using ../../ in it to traverse up to the root directory allows any file to be read.
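A defender's check for the request pattern described above, as an added example that is not part of the original post: it scans web access logs for log_download.cgi requests whose type parameter decodes to a path traversal, including percent-encoded and double-encoded forms. The combined log format, the `/placeholder-dir/` directory, the sample type values and the rule that a legitimate value is a bare file name are all assumptions made for this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines (assumption: a proxy in front of the router writes
# combined-format logs; "/placeholder-dir/" and all type values are made up).
SAMPLE_LOG = """\
192.0.2.10 - guest [01/Apr/2021:10:00:01 +0000] "GET /placeholder-dir/log_download.cgi?type=system.log HTTP/1.1" 200 5120
192.0.2.44 - guest [01/Apr/2021:10:02:13 +0000] "GET /placeholder-dir/log_download.cgi?type=../../some/other/file HTTP/1.1" 200 812
192.0.2.44 - guest [01/Apr/2021:10:02:40 +0000] "GET /placeholder-dir/log_download.cgi?type=%2e%2e%2f%2e%2e%2fsome%2fother%2ffile HTTP/1.1" 200 640
192.0.2.44 - guest [01/Apr/2021:10:03:02 +0000] "GET /placeholder-dir/log_download.cgi?type=%252e%252e%252fsome%252ffile HTTP/1.1" 404 0
192.0.2.10 - admin [01/Apr/2021:10:05:00 +0000] "GET /placeholder-dir/status.cgi?type=../x HTTP/1.1" 200 90
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> '.')."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value is absolute or contains a '..' segment."""
    path = fully_decode(value).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/")

def find_traversal_requests(log_text):
    """Return one record per log_download.cgi request with a traversing type."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path.rsplit("/", 1)[-1] != "log_download.cgi":
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("type", []):
            if is_traversal(value):
                hits.append({"ip": m["ip"], "user": m["user"],
                             "status": int(m["status"]), "type": fully_decode(value)})
    return hits
```

Calling `find_traversal_requests(SAMPLE_LOG)` returns the three requests from 192.0.2.44. Hits with status 200, especially under the guest account, deserve the first look because the file was actually served.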
This post is licensed under CC BY 4.0 by the author.