Unprivileged Guest User Access to Administrator Password and Sensitive Data in Hongdian H8922 3.0.5 Devices
CVE-2021-28150 · MEDIUM Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.
Learn more about our User Device Pen Test.