What is CVE-2021-28149?

CVE-2021-28149 is a vulnerability in N/a. Published 2021-05-06.

Is CVE-2021-28149 known to be exploited?

17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-28149

Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ (e…

EPSS: 0.907 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

0day404/vulnerability-poc
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
ArrestX/--POC
EdgeSecurityTeam/Vulnerability
HimmelAward/Goby_
KayCHENvip/vulnerability-poc
Miraitowa70/POC-Notes
NyxAzrael/Goby_

References

en.hongdian.com/Products/Details/H8922 (x_refsource_MISC)
ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-28149?: CVE-2021-28149 is a vulnerability in N/a. Published 2021-05-06.
Is CVE-2021-28149 known to be exploited?: 17 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.