First published: Tue Jan 18 2022
The China Mobile An Lianbao WF-1 V1.0.1 router exposes a web interface, /api/ZRRuleFilter/set_firewall_level, that accepts parameters via POST request. The firewall_level parameter is vulnerable to command injection, which an attacker can use to execute commands remotely.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Chinamobile An Lianbao Wf-1 Firmware | =1.0.1 | |
Chinamobile An Lianbao Wf-1 | | |
The severity of CVE-2021-33964 is high with a CVSS score of 8.8.
The affected software for CVE-2021-33964 is China Mobile An Lianbao WF-1 V1.0.1 router.
The vulnerability in CVE-2021-33964 is a command injection vulnerability in the /api/ZRRuleFilter/set_firewall_level web interface.
An attacker can exploit CVE-2021-33964 by using the command injection vulnerability to execute remote commands.
References for CVE-2021-33964 are available at the following URLs:
- http://iot.10086.cn/?l=en-us
- https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection11.md
- https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520