Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-28151 PoC — Hongdian H8922 操作系统命令注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-28151.yaml
Associated Vulnerability
Title:Hongdian H8922 操作系统命令注入漏洞 (CVE-2021-28151)
Description:Hongdian H8922是中国Hongdian公司的一个路由器。 Hongdian H8922 3.0.5 devices 存在操作系统命令注入漏洞,攻击者利用该漏洞可以通过用户名guest和密码guest进行访问。
Description
Hongdian H8922 3.0.5 devices are susceptible to remote command injection via shell metacharacters into the ip-address (a/k/a Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system.
File Snapshot

 id: CVE-2021-28151

info:
  name: Hongdian H8922 3.0.5 - Remote Command Injection
  author: gy741
  

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.