Skip to main content

H8922 Firmware

4 CVEs product

Monthly

CVE-2021-28152 CRITICAL POC Act Now

Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H8922 Firmware
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2021-28151 HIGH POC THREAT This Week

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection H8922 Firmware
NVD
CVSS 3.1
8.8
EPSS
27.9%
CVE-2021-28150 MEDIUM POC This Month

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H8922 Firmware
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2021-28149 MEDIUM POC THREAT This Month

Hongdian H8922 3.0.5 devices allow Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal H8922 Firmware
NVD
CVSS 3.1
6.5
EPSS
13.8%
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass H8922 Firmware
NVD
EPSS 28% CVSS 8.8
HIGH POC THREAT This Week

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection H8922 Firmware
NVD
EPSS 3% CVSS 5.5
MEDIUM POC This Month

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H8922 Firmware
NVD
EPSS 14% CVSS 6.5
MEDIUM POC THREAT This Month

Hongdian H8922 3.0.5 devices allow Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal H8922 Firmware
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy