First published: Tue Jan 18 2022(Updated: )
China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which receives parameters by POST request, and the parameter mesh_enable and mesh_device have a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Chinamobile An Lianbao Wf-1 Firmware | =1.0.1 | |
Chinamobile An Lianbao Wf-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-33965 is a command injection vulnerability in China Mobile An Lianbao WF-1 V1.0.1 router's web interface.
Yes, China Mobile An Lianbao WF-1 V1.0.1 router is affected by CVE-2021-33965.
CVE-2021-33965 has a severity level of 8.8 (high).
The CWE ID for CVE-2021-33965 is CWE-77.
An attacker can exploit CVE-2021-33965 by sending malicious commands through the /api/ZRMesh/set_ZRMesh web interface of the affected router.