exploitDog

CVE-2021-28151

Опубликовано: 06 мая 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Критический

Описание

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.

Ссылки

http://en.hongdian.com/Products/Details/H8922
Product
Vendor Advisory
https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
Exploit
Third Party Advisory
http://en.hongdian.com/Products/Details/H8922
Product
Vendor Advisory
https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:hongdian:h8922_firmware:3.0.5:*:*:*:*:*:*:*

cpe:2.3:h:hongdian:h8922:-:*:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.92677

Критический

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-qr4g-xxx6-244x

github

больше 3 лет назад

Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest.

EPSS

Процентиль: 100%

0.92677

Критический

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-78