CVE-2021-28150

MEDIUM EXPLOITED NUCLEI

Hongdian H8922 3.0.5 - Information Disclosure

Title source: nuclei

Description

Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.

Nuclei Templates (1)

Hongdian H8922 3.0.5 - Information Disclosure

MEDIUMby gy741

References (2)

[Product, Vendor Advisory] http://en.hongdian.com/Products/Details/H8922

[Exploit, Third Party Advisory] https://ssd-disclosure.com/ssd-advisory-hongdian-h8922-multiple-vulnerabilities/

Scores

CVSS v3 5.5

EPSS 0.7876

EPSS Percentile 99.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2025-08-23

CWE

CWE-425

Status published

Products (1)

hongdian/h8922_firmware 3.0.5

Published May 06, 2021

Tracked Since Feb 18, 2026