26 matches found
CVE-2021-30233
The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptvvlan parameter...
CVE-2021-33965
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/setZRMesh which receives parameters by POST request, and the parameter meshenable and meshdevice have a command injection vulnerability. An attacker can use the vulnerability to execute remote commands...
China Mobile An Lianbao WF-1 router命令注入漏洞
China Mobile An Lianbao WF-1 router is a router from China Mobile China. A security vulnerability exists in China Mobile An Lianbao WF-1 V1.0.1, which can be exploited by an attacker to execute remote commands...
CVE-2021-33963
China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/macaddrclone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands...
China Mobile An Lianbao WF-1 router命令注入漏洞
China Mobile An Lianbao WF-1 router is a router from China Mobile, a Chinese company. A security vulnerability exists in the China Mobile An Lianbao WF-1 router, which originates from a command injection vulnerability in the web interface of the China Mobile An Lianbao WF-1 v1.0.1 router via a PO...
CVE-2021-33962
China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/popusbdevice component...
China Mobile An Lianbao WF-1 router 操作系统命令注入漏洞
China Mobile An Lianbao WF-1 router is a router from China Mobile China. A security vulnerability exists in China Mobile An Lianbao WF-1 router version v1.0.1, which stems from a lack of command filtering and escaping in the web interface/api/ZRUsb/popusbdevice component, resulting in an operatin...
CVE-2021-30232
The api/ZRIGMP/setIGMPPROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMPPROXYWANCONNECT parameter...
CVE-2021-30233
The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptvvlan parameter...
CVE-2021-30230
The api/ZRFirmware/settimezone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter...
CVE-2021-30232
The api/ZRIGMP/setIGMPPROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMPPROXYWANCONNECT parameter...
CVE-2021-30231
The api/zrDm/setZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elinkprocenable parameter...
CVE-2021-30228
The api/ZRAndlink/setZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlinkprocenable parameter...
Code injection
The api/ZRIGMP/setMLDPROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLDPROXYWANCONNECT parameter...
Code injection
The api/zrDm/setzrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dmenable, AppKey, or Pwd parameter...
Code injection
The api/zrDm/setZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elinkprocenable parameter...
CVE-2021-30234
CVE-2021-30234 affects China Mobile An Lianbao WF-1 router (version 1.0.1). The vulnerability resides in api/ZRIGMP/set_MLD_PROXY and allows remote command execution by passing shell metacharacters in the MLD_PROXY_WAN_CONNECT parameter. Documented CVSSv3.1 severity is 9.8 (CRITICAL) with network...
CVE-2021-30234
The api/ZRIGMP/setMLDPROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLDPROXYWANCONNECT parameter...
CVE-2021-30230
The vulnerability CVE-2021-30230 affects the China Mobile An Lianbao WF-1 router (firmware v1.0.1). The issue resides in the api/ZRFirmware/set_time_zone interface, where an attacker can inject shell metacharacters via the zonename parameter to achieve remote command execution. The available docu...
CVE-2021-30229
CVE-2021-30229 affects the China Mobile An Lianbao WF-1 router (version 1.0.1). The vulnerable component is the api/zrDm/set_zrDm interface, where remote attackers can inject shell metacharacters into parameters dm_enable, AppKey, or Pwd to execute arbitrary commands. Public references confirm a ...