PT-2021-18679 · China Mobile · An Lianbao Wf-1

Published 2021-04-29 · Updated 2022-05-03 · CVE-2021-30232

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

China Mobile An Lianbao WF-1 router version 1.0.1

Description

The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parameter in the "api/ZRIGMP/set_IGMP_PROXY" interface.

Recommendations

For China Mobile An Lianbao WF-1 router version 1.0.1, consider disabling access to the "api/ZRIGMP/set_IGMP_PROXY" interface until a patch is available. Restrict input for the IGMP_PROXY_WAN_CONNECT parameter to prevent shell metacharacter injection.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2021-30232

Affected Products

An Lianbao Wf-1