CVE-2021-28151

Sažetak

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.

Reference

http://en.hongdian.com/Products/Details/H8922
https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

13-05-2021 - 18:53

Objavljeno

06-05-2021 - 16:15