Filtered by vendor Comfast
Subscribe
Total
15 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-57293 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2025-10-03 | N/A | 8.8 HIGH |
| A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phy_interface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to /cgi-bin/mbox-config?method=SET§ion=multi_pppoe. When the action parameter is set to "one_click_redial", the unsanitized phy_interface is used in a system() call, enabling execution of malicious commands. This can lead to unauthorized access to sensitive files, execution of arbitrary code, or full device compromise. | |||||
| CVE-2025-9583 | 1 Comfast | 2 Cf-n1, Cf-n1 Firmware | 2025-10-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9584 | 1 Comfast | 2 Cf-n1, Cf-n1 Firmware | 2025-10-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function update_interface_png of the file /usr/bin/webmgnt. The manipulation of the argument interface/display_name results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-9585 | 1 Comfast | 2 Cf-n1, Cf-n1 Firmware | 2025-10-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-9586 | 1 Comfast | 2 Cf-n1, Cf-n1 Firmware | 2025-10-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. | |||||
| CVE-2025-9581 | 1 Comfast | 2 Cf-n1, Cf-n1 Firmware | 2025-09-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-9582 | 1 Comfast | 2 Cf-n1, Cf-n1 Firmware | 2025-09-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntp_timezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2022-45725 | 1 Comfast | 2 Cf-wr610n, Cf-wr610n Firmware | 2025-03-24 | N/A | 8.8 HIGH |
| Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request | |||||
| CVE-2022-45724 | 1 Comfast | 2 Cf-wr610n, Cf-wr610n Firmware | 2025-03-24 | N/A | 5.4 MEDIUM |
| Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests. | |||||
| CVE-2023-38866 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and display_name. | |||||
| CVE-2023-38865 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr. | |||||
| CVE-2023-38864 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt. | |||||
| CVE-2023-38863 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt. | |||||
| CVE-2023-38862 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt. | |||||
| CVE-2024-44466 | 1 Comfast | 2 Cf-xr11, Cf-xr11 Firmware | 2024-09-13 | N/A | 9.8 CRITICAL |
| COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface. | |||||