CVE-2021-33962

CRITICAL

China Mobile An Lianbao WF-1 v1.0.1 - OS Command Injection via Web Interface USB Device Pop

Title source: llm

Description

China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in the web interface /api/ZRUsb/pop_usb_device component.

References (4)

Core 4

Core References

Broken Link x_refsource_misc

https://www.ebuy7.com/item/china-mobile-wireless-router-qualcomm-qiki-wifi6-routing-mesh-network-home-5g-dual-frequency-double-gigabit-port-wall-wall-high-speed-%E2%80%8B%E2%80%8Bhigh-power-enhanced-dormitory-students-an-lianbao-wf-1-628692180620

Third Party Advisory x_refsource_misc

http://iot.10086.cn/?l=en-us

Third Party Advisory x_refsource_misc

https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520

Broken Link x_refsource_misc

https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection12.md

Scores

CVSS v3 9.8

EPSS 0.0371

EPSS Percentile 88.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

chinamobileltd/an_lianbao_wf_firmware-1 1.0.1

Published Jan 14, 2022

Tracked Since Feb 18, 2026