Unprivileged Guest User Access to Administrator Password and Sensitive Data in Hongdian H8922 3.0.5 Devices

CVE-2021-28150 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.
