CVE-2021-45043

HIGH NUCLEI

HD-Network Real-time Monitoring System 2.0 - Path Traversal via Language Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-45043. PoCs published by Momen Eldawakhly, crypt0g30rgy. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in HD-Network Real-time Monitoring System 2.0. The vulnerability is exploited via a crafted cookie parameter to read arbitrary files, such as /etc/passwd.

Description

HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter.

Exploits (2)

exploitdb WORKING POC

by Momen Eldawakhly · textremotelinux

https://www.exploit-db.com/exploits/50588

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in HD-Network Real-time Monitoring System 2.0. The vulnerability is exploited via a crafted cookie parameter to read arbitrary files, such as /etc/passwd.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: HD-Network Real-time Monitoring System V2.0

No auth needed

Prerequisites: Access to the target web server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by crypt0g30rgy · poc

https://github.com/crypt0g30rgy/cve-2021-45043

View Code ZIP pw:eip

This repository contains a working proof-of-concept for CVE-2021-45043, a directory traversal vulnerability in HD-Network Real-time Monitoring System 2.0. The exploit leverages the `s_Language` cookie parameter to read arbitrary files, such as `/etc/shadow`, via a crafted HTTP request.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: HD-Network Real-time Monitoring System 2.0

No auth needed

Prerequisites: Target system running HD-Network Real-time Monitoring System 2.0 · Network access to the target system

MITRE ATT&CK

T1006 - Direct Volume Access T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

HD-Network Realtime Monitoring System 2.0 - Local File Inclusion

HIGHby Momen Eldawakhly,Evan Rubinstein

Shodan: http.title:"hd-network real-time monitoring system v2.0"

FOFA: title="hd-network real-time monitoring system v2.0"

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://drive.google.com/file/d/1DlfZz0F8skWy3Mkahx_NMo-sYZh9-eun/view?usp=sharing

Exploit, Third Party Advisory x_refsource_misc

https://drive.google.com/file/d/1bx9yCN-IHYuRpd7g3jhMb0LcTC1ARzSX/view?usp=sharing

Scores

CVSS v3 7.5

EPSS 0.3313

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

hd-network_real-time_monitoring_system_project/hd-network_real-time_monitoring_system 2.0

Published Dec 15, 2021

Tracked Since Feb 18, 2026