CVE-2021-33964

China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/set_firewall_level which receives parameters by POST request, and the parameter firewall_level has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:chinamobile:an_lianbao_wf-1_firmware:1.0.1:*:*:*:*:*:*:*
cpe:2.3:h:chinamobile:an_lianbao_wf-1:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:09

Type Values Removed Values Added
References () http://iot.10086.cn/?l=en-us - Product, Vendor Advisory () http://iot.10086.cn/?l=en-us - Product, Vendor Advisory
References () https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection11.md - Broken Link () https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection11.md - Broken Link
References () https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520 - Third Party Advisory, VDB Entry () https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520 - Third Party Advisory, VDB Entry
References () https://www.ebuy7.com/item/china-mobile-wireless-router-qualcomm-qiki-wifi6-routing-mesh-network-home-5g-dual-frequency-double-gigabit-port-wall-wall-high-speed-%E2%80%8B%E2%80%8Bhigh-power-enhanced-dormitory-students-an-lianbao-wf-1-628692180620 - Broken Link () https://www.ebuy7.com/item/china-mobile-wireless-router-qualcomm-qiki-wifi6-routing-mesh-network-home-5g-dual-frequency-double-gigabit-port-wall-wall-high-speed-%E2%80%8B%E2%80%8Bhigh-power-enhanced-dormitory-students-an-lianbao-wf-1-628692180620 - Broken Link

Information

Published : 2022-01-18 12:15

Updated : 2024-11-21 06:09


NVD link : CVE-2021-33964

Mitre link : CVE-2021-33964

CVE.ORG link : CVE-2021-33964


JSON object : View

Products Affected

chinamobile

  • an_lianbao_wf-1_firmware
  • an_lianbao_wf-1
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')