CVE-2021-30229

Name of the Vulnerable Software and Affected Versions China Mobile An Lianbao WF-1 router version 1.0.1

Description The issue allows remote attackers to execute arbitrary commands. This is achieved by injecting shell metacharacters into specific parameters in the "api/zrDm/set zrDm" interface. The vulnerable parameters include dm enable, AppKey, and Pwd.

Recommendations For China Mobile An Lianbao WF-1 router version 1.0.1, avoid using the dm enable, AppKey, or Pwd parameters in the "api/zrDm/set zrDm" interface until a fix is available. As a temporary workaround, consider restricting access to this interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.