26 matches found
CVE-2021-30233
The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptvvlan parameter...
CVE-2021-33965
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/setZRMesh which receives parameters by POST request, and the parameter meshenable and meshdevice have a command injection vulnerability. An attacker can use the vulnerability to execute remote commands...
China Mobile An Lianbao WF-1 router命令注入漏洞
China Mobile An Lianbao WF-1 router is a router from China Mobile China. A security vulnerability exists in China Mobile An Lianbao WF-1 V1.0.1, which can be exploited by an attacker to execute remote commands...
CVE-2021-33963
China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/macaddrclone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands...
China Mobile An Lianbao WF-1 router命令注入漏洞
China Mobile An Lianbao WF-1 router is a router from China Mobile, a Chinese company. A security vulnerability exists in the China Mobile An Lianbao WF-1 router, which originates from a command injection vulnerability in the web interface of the China Mobile An Lianbao WF-1 v1.0.1 router via a PO...
CVE-2021-33962
China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/popusbdevice component...
China Mobile An Lianbao WF-1 router 操作系统命令注入漏洞
China Mobile An Lianbao WF-1 router is a router from China Mobile China. A security vulnerability exists in China Mobile An Lianbao WF-1 router version v1.0.1, which stems from a lack of command filtering and escaping in the web interface/api/ZRUsb/popusbdevice component, resulting in an operatin...
CVE-2021-30232
The api/ZRIGMP/setIGMPPROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMPPROXYWANCONNECT parameter...
CVE-2021-30232
The api/ZRIGMP/setIGMPPROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMPPROXYWANCONNECT parameter...
CVE-2021-30230
The api/ZRFirmware/settimezone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter...
CVE-2021-30231
The api/zrDm/setZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elinkprocenable parameter...
CVE-2021-30233
The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptvvlan parameter...
CVE-2021-30228
The api/ZRAndlink/setZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlinkprocenable parameter...
Code injection
The api/ZRIGMP/setMLDPROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLDPROXYWANCONNECT parameter...
Code injection
The api/zrDm/setzrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dmenable, AppKey, or Pwd parameter...
Code injection
The api/zrDm/setZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elinkprocenable parameter...
CVE-2021-30234
CVE-2021-30234 affects China Mobile An Lianbao WF-1 router (version 1.0.1). The vulnerability resides in api/ZRIGMP/set_MLD_PROXY and allows remote command execution by passing shell metacharacters in the MLD_PROXY_WAN_CONNECT parameter. Documented CVSSv3.1 severity is 9.8 (CRITICAL) with network...
CVE-2021-30234
The api/ZRIGMP/setMLDPROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLDPROXYWANCONNECT parameter...
CVE-2021-30229
The api/zrDm/setzrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dmenable, AppKey, or Pwd parameter...
CVE-2021-30230
The api/ZRFirmware/settimezone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter...