Comfast

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-3798 2Comfast Encomfast 2Cf Ac100 Firmware Comfast Cf Ac100 Firmware Jun 17, 2026 Mar 9, 2026 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Request Path Handler. The manipulation resul...Show more A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2026-2824 1Comfast 1Cf E7 Firmware Jun 17, 2026 Feb 20, 2026 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component webmggnt. Executing a manipulation of the argument des...Show more A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2026-2823 1Comfast 1Cf E7 Firmware Jun 17, 2026 Feb 20, 2026 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component webmggnt. Performing a manipulation...Show more A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2026-2537 1Comfast 1Cf E4 Firmware Jun 17, 2026 Feb 16, 2026 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. Such manipulation of...Show more A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2026-2535 1Comfast 1Cf N1 Firmware Jun 17, 2026 Feb 16, 2026 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel. The manipulation of the argument channel results i...Show more A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2026-2534 1Comfast 1Cf N1 Firmware Jun 17, 2026 Feb 16, 2026 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth. The manipulation of the argument bandwidth...Show more A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-57293 1Comfast 1Cf Xr11 Firmware Jun 17, 2026 Sep 18, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phy_interface parameter is not sanitized, allowing attac...Show more A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phy_interface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to /cgi-bin/mbox-config?method=SET&section=multi_pppoe. When the action parameter is set to "one_click_redial", the unsanitized phy_interface is used in a system() call, enabling execution of malicious commands. This can lead to unauthorized access to sensitive files, execution of arbitrary code, or full device compromise.Show less
CVE-2025-9586 1Comfast 1Cf N1 Firmware Jun 17, 2026 Aug 28, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The at...Show more A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available and might be used.Show less
CVE-2025-9585 1Comfast 1Cf N1 Firmware Jun 17, 2026 Aug 28, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. Th...Show more A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2025-9584 1Comfast 1Cf N1 Firmware Jun 17, 2026 Aug 28, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function update_interface_png of the file /usr/bin/webmgnt. The manipulation of the argument interface/display_name results in command injec...Show more A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function update_interface_png of the file /usr/bin/webmgnt. The manipulation of the argument interface/display_name results in command injection. The attack can be executed remotely. The exploit has been made public and could be used.Show less
CVE-2025-9583 1Comfast 1Cf N1 Firmware Jun 17, 2026 Aug 28, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the atta...Show more A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-9582 1Comfast 1Cf N1 Firmware Jun 17, 2026 Aug 28, 2025 2.1 LOW· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntp_timezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched r...Show more A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntp_timezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used.Show less
CVE-2025-9581 1Comfast 1Cf N1 Firmware Jun 17, 2026 Aug 28, 2025 2.1 LOW· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. The attack may...Show more A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. The attack may be initiated remotely. The exploit is now public and may be used.Show less
CVE-2024-44466 1Comfast 1Cf Xr11 Firmware Jun 17, 2026 Sep 11, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.
CVE-2023-38866 1Comfast 1Cf Xr11 Firmware Jun 17, 2026 Aug 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and display_name.
CVE-2023-38864 1Comfast 1Cf Xr11 Firmware Jun 17, 2026 Aug 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt.
CVE-2023-38865 1Comfast 1Cf Xr11 Firmware Jun 17, 2026 Aug 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr.
CVE-2023-38863 1Comfast 1Cf Xr11 Firmware Jun 17, 2026 Aug 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.
CVE-2023-38862 1Comfast 1Cf Xr11 Firmware Jun 17, 2026 Aug 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt.
CVE-2022-45725 1Comfast 1Cf Wr610n Firmware Jun 17, 2026 Feb 13, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request

12 Next