CVE-2021-27715: An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the...
An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request.
Security readout for executives and security teams
Plain-English summary
This vulnerability is reported in a MoFi Network MOFI4500-4GXeLTE-V2 firmware build and could let an unauthenticated attacker run code through a crafted HTTP request. In business terms, a reachable affected router could become a foothold into the network. The source bundle does not provide CVSS, CPEs, or a named patch.
Executive priority
Treat this as a near-term perimeter risk if affected MoFi devices are deployed. Prioritize inventory and exposure reduction first, because the described impact is code execution without authentication, while patch details are not confirmed in the supplied sources.
Technical view
CVE-2021-27715 describes authentication bypass leading to arbitrary code execution via crafted HTTP request in MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052. The CVE record has no CVSS, CWE, or structured affected CPE data in the provided bundle. KEV status is false, so active exploitation is not evidenced here.
Likely exposure
Organizations are likely exposed only if they run the named MoFi MOFI4500-4GXeLTE-V2 firmware build and its HTTP management surface is reachable by attackers. Internet-exposed, poorly segmented, or remotely managed devices carry the highest concern. The bundle’s structured affected-product fields are incomplete.
Exploitation context
The cited description says exploitation uses a crafted HTTP request to bypass authentication and execute arbitrary code. No source in the bundle confirms active exploitation, public exploit availability, required privileges, attack complexity, or affected configuration details.
Researcher notes
The public record is sparse: no CVSS, CWE, CPE, or structured affected version data is provided beyond the narrative product and firmware string. Avoid assuming broader MoFi impact. Validate against the Nagarro advisory and vendor materials before declaring remediation complete.
Mitigation direction
Identify any MoFi MOFI4500-4GXeLTE-V2 devices and firmware versions.
Check MoFi or advisory guidance for fixed firmware or vendor mitigations.
Remove management HTTP interfaces from internet exposure.
Restrict administration to trusted networks or VPN access only.
Segment affected routers from sensitive internal systems.
Replace unsupported devices if no vendor fix is available.
Validation and detection
Inventory routers and confirm exact model and firmware build.
Review exposure of HTTP administration interfaces from external networks.
Check logs for unexpected administrative access or configuration changes.
Verify management access controls are restricted to trusted sources.
Track vendor advisory updates for patch or mitigation confirmation.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
description · low confidence lookup
Execution behavior lookup
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
2ADP providers
2Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: yesTechnical Impact: total
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Sep 8, 2023, 00:00 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.