CVE-2021-33964

China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/setfirewalllevel which receives parameters by POST request, and the parameter firewalllevel has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands...

EUVD-2021-17164

Malware in sbrugna...

EUVD-2021-20635

Malware in sbrugna...

CVE-2021-30229

The api/zrDm/setzrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dmenable, AppKey, or Pwd parameter...

CVE-2021-33965

China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/setZRMesh which receives parameters by POST request, and the parameter meshenable and meshdevice have a command injection vulnerability. An attacker can use the vulnerability to execute remote commands...

CVE-2021-30230

The api/ZRFirmware/settimezone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter...

CVE-2021-30228

The api/ZRAndlink/setZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlinkprocenable parameter...

VulnCheck KEV: CVE-2019-12168

Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell aka Administration Commands screen...

Tenda 4G300 Buffer Overflow Vulnerability

The Tenda 4G300 is a portable wireless router aimed at users who need mobile Internet access scenarios. The Tenda 4G300 suffers from a buffer overflow vulnerability that stems from incorrect manipulation of the parameter list1, no details of the vulnerability are provided at this time...

CVE-2020-18331

Directory traversal vulnerability in ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01hardware platform Gpn2.4P21-CWIFI-V0.05, via the getpage parameter to /cgi-bin/webproc...

CVE-2020-18330

An issue was discovered in the default configuration of ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01hardware platform Gpn2.4P21-CWIFI-V0.05, allows attackers to gain access to the configuration interface...

ChinaMobile GPN2.4P21-C-CN 路径遍历漏洞

China Mobile ChinaMobile GPN2.4P21-C-CN is a wireless router from China Mobile. A security vulnerability exists in the ChinaMobile GPN2.4P21-C-CN. An attacker can exploit this vulnerability to access the configuration interface...

The vulnerability of iRZ mobile router microprogramming software, related to the manipulation of cross-site requests, allows a hacker to perform a CSRF attack.

The vulnerability of iRZ mobile router microprogramming software is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a remote attacker to execute a CSRF attack...

IRZ Mobile Router Remote Code Execution (CVE-2022-27226)

A remote code execution vulnerability exists in IRZ Mobile Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Telesquare TLR-2005Ksh 安全漏洞

Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from Telesquare Korea. An arbitrary file deletion vulnerability exists in Telesquare TLR-2005Ksh version 1.0.0, which stems from improper access control. A remote attacker can exploit this vulnerability to delete any file, even internal system...

iRZ Mobile Router - CSRF to RCE

Exploit Title: iRZ Mobile Router - CSRF to RCE Google Dork: intitle:"iRZ Mobile Router" Date: 2022-03-18 Exploit Author: Stephen Chavez & Robert Willis Vendor Homepage: https://en.irz.ru/ Software Link: https://github.com/SakuraSamuraii/ez-iRZ Version: Routers through 2022-03-16 Tested on: RU21,...

iRZ Mobile Router Cross Site Request Forgery / Remote Code Execution

Exploit Title: iRZ Mobile Router - CSRF to RCE Google Dork: intitle:"iRZ Mobile Router" Date: 2022-03-18 Exploit Author: Stephen Chavez & Robert Willis Vendor Homepage: https://en.irz.ru/ Software Link: https://github.com/SakuraSamuraii/ez-iRZ Version: Routers through 2022-03-16 Tested on: RU21,...

iRZ Mobile Router - CSRF to Remote Code Execution Exploit

Exploit Title: iRZ Mobile Router - CSRF to RCE Google Dork: intitle:"iRZ Mobile Router" Exploit Author: Stephen Chavez & Robert Willis Vendor Homepage: https://en.irz.ru/ Software Link: https://github.com/SakuraSamuraii/ez-iRZ Version: Routers through 2022-03-16 Tested on: RU21, RU21w, RL21, RU41...

CVE-2022-27226

CVE-2022-27226 affects iRZ Mobile Routers. A CSRF flaw in /api/crontab enables a threat actor to insert a crontab entry in the router Admin panel, causing the defined cronjob to run and leading to remote code execution with filesystem access. The issue can also enable RCE if default credentials a...

ZTE MF971R LTE router 跨站脚本漏洞

The ZTE MF971R is a Cat 6 LTE mobile Wi-Fi router with download speeds up to 300mbps and upload speeds up to 50mbps. The ZTE MF971R suffers from a type of cross-site scripting vulnerability. An attacker can exploit the vulnerability to obtain cookie information...