CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A command injection vulnerability in COMFAST CF-XR11 firmware V2.7.2 exists in the multipppoe API, processed by the sub423930 function in /usr/bin/webmgnt. The phyinterface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to...

8.8CVSS7.8AI score0.00313EPSS

Exploits1References1

NVD•added 2025/09/18 9:15 p.m.•4 views

CVE-2025-57293

8.8CVSS0.00313EPSS

Exploits1References1

Positive Technologies•added 2025/09/18 12:0 a.m.•3 views

PT-2025-38482

Name of the Vulnerable Software and Affected Versions COMFAST CF-XR11 version V2.7.2 Description A command injection issue exists in the multi pppoe API, processed by the sub 423930 function. The phy interface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST...

8.8CVSS7.5AI score0.00313EPSS

Exploits1References6

CVE•added 2025/09/18 12:0 a.m.•14 views

CVE-2025-57293

COMFAST CF-XR11 firmware V2.7.2 is affected by a command injection in the multi_pppoe API (sub_423930 in /usr/bin/webmgnt). The phy_interface parameter is not sanitized, allowing an attacker to inject commands via POST to /cgi-bin/mbox-config?method=SET&section=multi_pppoe; when action=one_click_...

8.8CVSS7.5AI score0.00313EPSS

Exploits1References1Affected Software1

CNNVD•added 2025/09/18 12:0 a.m.•2 views

COMFAST CF-XR11 安全漏洞

COMFAST CF-XR11 is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in COMFAST CF-XR11 version V2.7.2, which stems from an uncleaned phyinterface parameter in the multipppoe API, which could lead to a command injection attack...

8.8CVSS7.3AI score0.00313EPSS

Exploits1References1

Cvelist•added 2025/09/18 12:0 a.m.•8 views

CVE-2025-57293

0.00313EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by