CVE-2023-41011
Description
Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcut_telnet.cg component.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
China Mobile Intelligent Home Gateway HG6543C4 contains an unauthenticated command injection flaw in the shortcut_telnet.cgi component allowing remote code execution.
Vulnerability
The China Mobile Intelligent Home Gateway HG6543C4 (firmware version not explicitly stated, but device model HG6543C4) contains a command execution vulnerability in the shortcut_telnet.cgi CGI script [1]. The script is intended to enable or disable the telnet service. It takes user-supplied input from the query string, decodes it using urldecode.cgi, writes it into a temporary shell script file, and executes it. No authentication or authorization checks are performed before processing the request [1].
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending a crafted HTTP GET request to the vulnerable endpoint. The attacker only needs network access to the gateway's management interface (typically at 192.168.1.1). A proof-of-concept is provided: http://192.168.1.1/cgi-bin/shortcut_telnet.cgi?whoami executes the whoami command [1]. By replacing whoami with arbitrary shell commands, the attacker can achieve arbitrary command execution. The default credentials and wireless network credentials are also documented, but authentication is not required for this particular flaw [1].
Impact
Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary operating system commands on the gateway with the privileges of the web server process (likely root). This leads to full compromise of the device, including the ability to modify configuration, intercept or redirect network traffic, launch attacks on internal networks, and persist access [1]. The device's default credentials and wireless settings are publicly known, lowering the barrier for further exploitation [1].
Mitigation
As of the publication date (2023-09-14), no official patch or fixed firmware version has been released by China Mobile Communications for the HG6543C4 gateway. Users are advised to change the default administrative credentials (dr7u2tvn) and wireless password (f6qgriu4) immediately [1]. If possible, restrict remote administrative access to trusted IPs only via firewall rules, disable the WAN-side management interface, or replace the device if it is end-of-life. Monitor vendor advisories for a future patch. This vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- China Mobile Communications/Intelligent Home Gatewaydescription
- Range: = HG6543C4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
News mentions
0No linked articles in our index yet.