CVE-2021-30231

Name of the Vulnerable Software and Affected Versions China Mobile An Lianbao WF-1 router version 1.0.1

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in certain parameters. Specifically, the "api/zrDm/set ZRElink" interface is vulnerable. The parameters that can be exploited include bssaddr, abiaddr, devtoken, devid, elinksync, and elink proc enable.

Recommendations For China Mobile An Lianbao WF-1 router version 1.0.1, as a temporary workaround, consider restricting access to the "api/zrDm/set ZRElink" interface until a patch is available. Avoid using the parameters bssaddr, abiaddr, devtoken, devid, elinksync, and elink proc enable in this interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.