CVE-2021-28149 — AI Deep Analysis Summary

🚨 **Essence**: Path Traversal in Hongdian H8922 Router. <br>📉 **Consequences**: Attackers can download **ANY file** from the device. Critical data leaks like `/etc/passwd` are exposed. 📂

🛡️ **Root Cause**: Lack of input validation in `/log_download.cgi`. <br>❌ **Flaw**: The handler does not sanitize `../` sequences. <br>🔍 **CWE**: Path Traversal (Local File Inclusion).

📱 **Target**: Hongdian H8922 Router. <br>📦 **Version**: Specifically **3.0.5**. <br>🏢 **Vendor**: Hongdian (China). <br>⚠️ **Scope**: Devices running this specific firmware version.

💻 **Action**: Download arbitrary files. <br>🔑 **Privileges**: Requires only **minimal privileges** (basic login). <br>📄 **Data**: System configs, passwords, logs.…

🔓 **Auth Required**: YES. <br>👤 **Level**: Minimal privileges (standard user login). <br>⚙️ **Config**: None specific needed, just valid credentials. <br>📉 **Threshold**: LOW. Easy to trigger once logged in.

📢 **Public Exp?**: YES. <br>🧪 **PoC**: Available on GitHub (Nuclei templates & Awesome-POC). <br>🔗 **Link**: `nuclei-templates` and `Threekiii/Awesome-POC`. <br>🌍 **Wild Exp**: Likely automated via scanners.

🔍 **Check**: Scan for `/log_download.cgi`. <br>🧪 **Test**: Inject `type=../../etc/passwd`. <br>📥 **Verify**: If login prompts and file downloads, VULNERABLE. <br>🛠️ **Tool**: Use Nuclei or manual browser request.

📝 **Official Patch**: Not explicitly mentioned in data. <br>🔗 **Ref**: Vendor site & SSD Disclosure advisory exist. <br>⏳ **Status**: Check vendor for updates. <br>📉 **Risk**: Assume unpatched until confirmed.

🚧 **Workaround**: <br>1️⃣ Restrict access to `/log_download.cgi`. <br>2️⃣ Enforce strong admin passwords. <br>3️⃣ Block external access to management interfaces. <br>4️⃣ Monitor for file download anomalies.

🔥 **Priority**: HIGH. <br>⚡ **Urgency**: Immediate action needed. <br>📉 **Impact**: Full file read access with low effort. <br>🛡️ **Action**: Patch or isolate immediately. Don't ignore!