ZTE MF971R goform_get_cmd_process Config Control External config control vulnerability [CVE-2021-21744]

CVE number = CVE-2021-21744

An exploitable Pre-Auth Configuration File Control vulnerability exists in ZTE MF971R LTE router version wa_inner_version:BD_PLKPLMF971R1V1.0.0B06.

This vulnerability is present in goform_get_cmd_process API-related code, which is a part of the ZTE MF971R web applications. A specially-crafted URL sent by an attacker and visited by a victim can lead to arbitrary configuration file entry overwrite with a null byte.

A specially-crafted HTTP request can cause a configuration file entry overwrite.

An attacker needs to provide a URL to the victim to trigger the vulnerability.

Discovered by Marcin ‘Icewall’ Noga of Cisco Talos.

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: