Vulnerabilities > Hongdian > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2023-49253 | Use of Hard-coded Credentials vulnerability in Hongdian H8951-4G-Esp Firmware Root user password is hardcoded into the device and cannot be changed in the user interface. | 9.8 |
| 2024-01-12 | CVE-2023-49255 | Missing Authentication for Critical Function vulnerability in Hongdian H8951-4G-Esp Firmware The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. | 9.8 |
| 2024-01-12 | CVE-2023-49262 | Improper Authentication vulnerability in Hongdian H8951-4G-Esp Firmware The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session. | 9.8 |
| 2021-05-06 | CVE-2021-28151 | OS Command Injection vulnerability in Hongdian H8922 Firmware 3.0.5 Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address (aka Destination) field to the tools.cgi ping command, which is accessible with the username guest and password guest. | 9.0 |
| 2021-05-06 | CVE-2021-28152 | Improper Authentication vulnerability in Hongdian H8922 Firmware 3.0.5 Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. | 9.8 |