Unrated severityNVD Advisory· Published Apr 29, 2021· Updated Aug 3, 2024

CVE-2021-30231

Description

The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elink_proc_enable parameter.

Affected products

China Mobile/An Lianbao WF-1 routerdescription
ChinaMobile/An Lianbao WF-1llm-fuzzy
Range: 1.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

iot.10086.cnmitrex_refsource_MISC
github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection4.mdmitrex_refsource_MISC
www.cnvd.org.cn/flaw/show/CNVD-2021-03520mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000