CVE-2022-47700

Published: Jan 31, 2023Modified: Mar 27, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication.

Affected (1)

Products: Comfast Project: Cf Wr623n Firmware

Comfast Project

1 product

Cf Wr623n Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Comfast Project Cf Wr623n Firmware	Up to 2.3.0.1

Running on/with	Platform Versions
Comfast Project Cf Wr623n	All versions

Related CWEs

Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (2)

https://github.com/OlivierLaflamme/cve/blob/main/COMFAST/CF-WR623N/auth_bypass.md

Source: cve@mitre.org

https://github.com/OlivierLaflamme/cve/blob/main/COMFAST/CF-WR623N/auth_bypass.md

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.