CVE-2021-28149 Scanner
CVE-2021-28149 scanner - Directory Traversal vulnerability in Hongdian H8922
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
The Hongdian H8922 3.0.5 device is commonly used for remote monitoring of various industrial applications such as environmental monitoring, industrial automation, and power grid management. It is designed to provide real-time data analysis, control, and management capabilities for these applications. The device can remotely connect to various industrial equipment and provide continuous monitoring of their performance.
Recently, a vulnerability tracked as CVE-2021-28149 was detected in the Hongdian H8922 3.0.5 device. It allows a remote attacker to perform Directory Traversal attacks. The device's /log_download.cgi log export handler fails to validate user input, which lets an attacker with minimal privileges download any file from the device by substituting "../" in the filename. By exploiting this vulnerability, an attacker can gain unauthorized access to sensitive information stored on the device.
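For asset owners who keep HTTP access logs from a proxy in front of the device, the following added example (not code from this page or from the scanner) flags requests to /log_download.cgi whose parameters contain "../" segments, including percent-encoded and double-encoded forms. The common-log line format, the sample lines and the "file" parameter name are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

HANDLER = "/log_download.cgi"  # log export handler named in the advisory text
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double encoding (%252e%252e) is unwrapped."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True when any path segment of the decoded value is exactly '..'."""
    return ".." in re.split(r"[\\/]", fully_decode(value))

def suspicious_requests(log_lines):
    """Return (line_no, status, target) for traversal attempts against HANDLER."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target, status = match.group(1), int(match.group(2))
        parts = urlsplit(target)
        if fully_decode(parts.path).rstrip("/") != HANDLER:
            continue
        values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        if any(has_traversal(v) for v in values):
            hits.append((line_no, status, target))
    return hits

# Constructed sample lines (not real traffic); "file" is a hypothetical parameter name.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /log_download.cgi?file=system.log HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /log_download.cgi?file=../../etc/example.conf HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /log_download.cgi?file=..%252f..%252fetc%252fexample.conf HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html?next=../x HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for line_no, status, target in suspicious_requests(SAMPLE_LOG):
        verdict = "SERVED" if status == 200 else "rejected"
        print(f"line {line_no}: {verdict} ({status}) {target}")
```

A flagged request that returned status 200 should be reviewed first, since the response carried content back to the client.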
When this vulnerability is successfully exploited, an attacker can obtain sensitive information such as user credentials, configuration files, and critical system files. They can also access confidential business information stored on the device, compromising the integrity and availability of the overall infrastructure. If exploited, this vulnerability can lead to significant financial losses, impacting the operational capability and reputation of the affected organization.
In conclusion, the Hongdian H8922 3.0.5 device has gained widespread adoption in various industrial applications, but with the recent discovery of the CVE-2021-28149 vulnerability, caution is now essential. With the advanced features of the s4e.io platform, individuals and organizations can quickly and effortlessly identify potential vulnerabilities and take the necessary steps to safeguard their digital assets. Stay safe, stay secure.