chinamobile CVE Vulnerabilities & Metrics

Focus on chinamobile vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About chinamobile Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with chinamobile. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total chinamobile CVEs: 14
Earliest CVE date: 02 Jan 2019, 18:29 UTC
Latest CVE date: 14 Sep 2023, 19:16 UTC

Latest CVE reference: CVE-2023-41011

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical chinamobile CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 6.16

Max CVSS: 10.0

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	4
7.0-8.9	7
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS chinamobile CVEs

These are the five CVEs with the highest CVSS scores for chinamobile, sorted by severity first and recency.

CVE-2021-33963 chinamobile Published on 15 Jan 2022, 10:15 UTC (CVSS: 10.0)
China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.
CVE-2021-30234 chinamobile Published on 29 Apr 2021, 16:15 UTC (CVSS: 7.5)
The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLD_PROXY_WAN_CONNECT parameter.
CVE-2021-30233 chinamobile Published on 29 Apr 2021, 16:15 UTC (CVSS: 7.5)
The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter.
CVE-2021-30232 chinamobile Published on 29 Apr 2021, 16:15 UTC (CVSS: 7.5)
The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parameter.
CVE-2021-30231 chinamobile Published on 29 Apr 2021, 16:15 UTC (CVSS: 7.5)
The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elink_proc_enable parameter.

All CVEs for chinamobile

CVE-2023-41011 chinamobile vulnerability CVSS: 0 14 Sep 2023, 19:16 UTC

Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcut_telnet.cg component.

CVE-2023-41012 chinamobile vulnerability CVSS: 0 05 Sep 2023, 16:15 UTC

An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the authentication mechanism.

CVE-2021-33965 chinamobile vulnerability CVSS: 6.5 18 Jan 2022, 13:15 UTC

China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which receives parameters by POST request, and the parameter mesh_enable and mesh_device have a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.

CVE-2021-33964 chinamobile vulnerability CVSS: 6.5 18 Jan 2022, 12:15 UTC

China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/set_firewall_level which receives parameters by POST request, and the parameter firewall_level has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.

CVE-2021-33963 chinamobile vulnerability CVSS: 10.0 15 Jan 2022, 10:15 UTC

China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.

CVE-2021-30234 chinamobile vulnerability CVSS: 7.5 29 Apr 2021, 16:15 UTC

The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLD_PROXY_WAN_CONNECT parameter.

CVE-2021-30233 chinamobile vulnerability CVSS: 7.5 29 Apr 2021, 16:15 UTC

The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter.

CVE-2021-30232 chinamobile vulnerability CVSS: 7.5 29 Apr 2021, 16:15 UTC

The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parameter.

CVE-2021-30231 chinamobile vulnerability CVSS: 7.5 29 Apr 2021, 16:15 UTC

The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elink_proc_enable parameter.

CVE-2021-30230 chinamobile vulnerability CVSS: 7.5 29 Apr 2021, 16:15 UTC

The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter.

CVE-2021-30229 chinamobile vulnerability CVSS: 6.5 29 Apr 2021, 16:15 UTC

The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dm_enable, AppKey, or Pwd parameter.

CVE-2021-30228 chinamobile vulnerability CVSS: 7.5 29 Apr 2021, 16:15 UTC

The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parameter.

CVE-2021-25812 chinamobile vulnerability CVSS: 7.5 29 Apr 2021, 16:15 UTC

Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client.

CVE-2018-20326 chinamobile vulnerability CVSS: 4.3 02 Jan 2019, 18:29 UTC

ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter.