CVE-2021-33963 - Vulnerability Details - OpenCVE

China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.01827.

Key SSVC decision points have not yet been added.

Vendors	Products
Chinamobile	An Lianbao Wf-1 An Lianbao Wf-1 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:chinamobile:an_lianbao_wf-1_firmware:1.0.1:*:*:*:*:*:*:*

cpe:2.3:h:chinamobile:an_lianbao_wf-1:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2021-20634	China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://iot.10086.cn/?l=en-us
https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection9.md
https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520
https://www.ebuy7.com/item/china-mobile-wireless-router-qualcomm-qiki-wifi6-routing-mesh-network-home-5g-dual-frequency-double-gigabit-port-wall-wall-high-speed-%E2%80%8B%E2%80%8Bhigh-power-enhanced-dormitory-students-an-lianbao-wf-1-628692180620

History

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.01892}`	epss `{'score': 0.01827}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-01-15T09:16:29

Updated: 2024-08-04T00:05:52.317Z

Reserved: 2021-06-07T00:00:00

Link: CVE-2021-33963

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-01-15T10:15:07.747

Modified: 2024-11-21T06:09:48.790

Link: CVE-2021-33963

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-01-15T09:16:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.ebuy7.com/item/china-mobile-wireless-router-qualcomm-qiki-wifi6-routing-mesh-network-home-5g-dual-frequency-double-gigabit-port-wall-wall-high-speed-%E2%80%8B%E2%80%8Bhigh-power-enhanced-dormitory-students-an-lianbao-wf-1-628692180620"}, {"tags": ["x_refsource_MISC"], "url": "http://iot.10086.cn/?l=en-us"}, {"tags": ["x_refsource_MISC"], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection9.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33963", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.ebuy7.com/item/china-mobile-wireless-router-qualcomm-qiki-wifi6-routing-mesh-network-home-5g-dual-frequency-double-gigabit-port-wall-wall-high-speed-%E2%80%8B%E2%80%8Bhigh-power-enhanced-dormitory-students-an-lianbao-wf-1-628692180620", "refsource": "MISC", "url": "https://www.ebuy7.com/item/china-mobile-wireless-router-qualcomm-qiki-wifi6-routing-mesh-network-home-5g-dual-frequency-double-gigabit-port-wall-wall-high-speed-%E2%80%8B%E2%80%8Bhigh-power-enhanced-dormitory-students-an-lianbao-wf-1-628692180620"}, {"name": "http://iot.10086.cn/?l=en-us", "refsource": "MISC", "url": "http://iot.10086.cn/?l=en-us"}, {"name": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520", "refsource": "MISC", "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520"}, {"name": "https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection9.md", "refsource": "MISC", "url": "https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection9.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:05:52.317Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.ebuy7.com/item/china-mobile-wireless-router-qualcomm-qiki-wifi6-routing-mesh-network-home-5g-dual-frequency-double-gigabit-port-wall-wall-high-speed-%E2%80%8B%E2%80%8Bhigh-power-enhanced-dormitory-students-an-lianbao-wf-1-628692180620"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://iot.10086.cn/?l=en-us"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection9.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33963", "datePublished": "2022-01-15T09:16:29", "dateReserved": "2021-06-07T00:00:00", "dateUpdated": "2024-08-04T00:05:52.317Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:chinamobile:an_lianbao_wf-1_firmware:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D12A7F9-493E-4406-9F5C-03853419A3D6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:chinamobile:an_lianbao_wf-1:-:*:*:*:*:*:*:*", "matchCriteriaId": "81224F70-2658-4E2E-9CC8-63F2D4B3CB52", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands."}, {"lang": "es", "value": "China Mobile La interfaz web del router Lianbao WF-1 versi\u00f3n v1.0.1, mediante /api/ZRMacClone/mac_addr_clone recibe par\u00e1metros por petici\u00f3n POST, y el par\u00e1metro macType presenta una vulnerabilidad de inyecci\u00f3n de comandos. Un atacante puede usar la vulnerabilidad para ejecutar comandos remotos"}], "id": "CVE-2021-33963", "lastModified": "2024-11-21T06:09:48.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-15T10:15:07.747", "references": [{"source": "cve@mitre.org", "tags": ["Product"], "url": "http://iot.10086.cn/?l=en-us"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection9.md"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://www.ebuy7.com/item/china-mobile-wireless-router-qualcomm-qiki-wifi6-routing-mesh-network-home-5g-dual-frequency-double-gigabit-port-wall-wall-high-speed-%E2%80%8B%E2%80%8Bhigh-power-enhanced-dormitory-students-an-lianbao-wf-1-628692180620"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "http://iot.10086.cn/?l=en-us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://github.com/pokerfacett/MY_CVE_CREDIT/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection9.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-03520"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://www.ebuy7.com/item/china-mobile-wireless-router-qualcomm-qiki-wifi6-routing-mesh-network-home-5g-dual-frequency-double-gigabit-port-wall-wall-high-speed-%E2%80%8B%E2%80%8Bhigh-power-enhanced-dormitory-students-an-lianbao-wf-1-628692180620"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}