PT-2021-16802 · China Mobile · An Lianbao Wf-1

Published: 2021-04-29 · Updated: 2021-05-07 · CVE-2021-25812

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

China Mobile An Lianbao WF-1 version 1.01

Description

A command injection issue exists, allowing for potential exploitation via the ip parameter in a POST request to the "/api/ZRQos/set online client" API endpoint.

Recommendations

For version 1.01, avoid using the ip parameter in the "/api/ZRQos/set online client" API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2021-25812

Affected Products

An Lianbao Wf-1