First published: Sat Jan 15 2022
The web interface of the China Mobile An Lianbao WF-1 v1.0.1 router receives parameters by POST request at /api/ZRMacClone/mac_addr_clone, and the macType parameter has a command injection vulnerability. An attacker can use the vulnerability to execute commands remotely.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Chinamobile An Lianbao Wf-1 Firmware | =1.0.1 | |
Chinamobile An Lianbao Wf-1 | | |
CVE-2021-33963 is a command injection vulnerability in the China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone.
CVE-2021-33963 has a severity rating of 9.8 (Critical).
CVE-2021-33963 affects the China Mobile An Lianbao WF-1 v1.0.1 router firmware.
An attacker can exploit CVE-2021-33963 by sending a malicious POST request to the /api/ZRMacClone/mac_addr_clone endpoint with a crafted value for the macType parameter.
References for CVE-2021-33963 are available at the following links:
[1] http://iot.10086.cn/?l=en-us
[2] https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection9.md
[3] https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520