chinamobile CVE Vulnerabilities & CVE List (14)

Products (CPE): — CVEs: 14

chinamobile vulnerability overview

Aggregates CVE and security vulnerability intelligence across all chinamobile-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk cross-site scripting and vendor risk command injection and related security problems, affecting vendor surface software deployment and vendor surface production workloads scenarios.

Vulnerability distribution trend (last 24 months)

Showing 114 of 14 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2023-41011 Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcut_telnet.cg component. [email protected] 9.8 2.04% 2023-09-14 2026-06-17
CVE-2023-41012 An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the authentication mechanism. [email protected] 9.8 1.28% 2023-09-05 2026-06-17
CVE-2021-33965 China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which receives parameters by POST request, and the parameter mesh_enable and mesh_device have a command injection vulnerability. An attacker can use the vulnerability to execute remote commands. [email protected] 8.8 2.87% 2022-01-18 2026-06-16
CVE-2021-33964 China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/set_firewall_level which receives parameters by POST request, and the parameter firewall_level has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands. [email protected] 8.8 2.87% 2022-01-18 2026-06-16
CVE-2021-33963 China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands. [email protected] 9.8 3.07% 2022-01-15 2026-06-16
CVE-2021-30234 The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLD_PROXY_WAN_CONNECT parameter. [email protected] 9.8 3.27% 2021-04-29 2026-06-16
CVE-2021-30233 The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter. [email protected] 9.8 3.27% 2021-04-29 2026-06-16
CVE-2021-30232 The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parameter. [email protected] 9.8 3.27% 2021-04-29 2026-06-16
CVE-2021-30231 The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elink_proc_enable parameter. [email protected] 9.8 3.27% 2021-04-29 2026-06-16
CVE-2021-30230 The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter. [email protected] 9.8 3.27% 2021-04-29 2026-06-16
CVE-2021-30229 The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dm_enable, AppKey, or Pwd parameter. [email protected] 8.8 2.88% 2021-04-29 2026-06-16
CVE-2021-30228 The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parameter. [email protected] 9.8 3.27% 2021-04-29 2026-06-16
CVE-2021-25812 Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client. [email protected] 9.8 2.81% 2021-04-29 2026-06-16
CVE-2018-20326 ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter. [email protected] 6.1 4.82% 2019-01-02 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence