← Back

Cf E7 Firmware

cf-e7_firmware

Vendor: Comfast • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-2824
1Comfast
1Cf E7 Firmware
Jun 17, 2026
Feb 20, 2026
2.1 LOW· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component webmggnt. Executing a manipulation of the argument des...Show more
A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2026-2823
1Comfast
1Cf E7 Firmware
Jun 17, 2026
Feb 20, 2026
2.1 LOW· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component webmggnt. Performing a manipulation...Show more
A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less