← volver
CVE-2021-28149explotación observada

CVE-2021-28149

45Vexday Risk Score

Corrige ahora. Ella explotación observada por VulnCheck y tiene exploit funcional público.

ssvc Actepss 14%
de la publicación al arma
Publicada en NVD6 may
VulnCheck+154d
probabilidad de explotación
14%top 4% de las CVE
explotación observada
VulnCheck
Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd) This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.
Productos afectados
n/a · n/a