288 matches found

Positive Technologies
added 2025/08/28 12:0 a.m. | 3 views

PT-2025-35136

Name of the Vulnerable Software and Affected Versions: Comfast CF-N1 version 2.6.0 Description: A vulnerability exists in Comfast CF-N1 version 2.6.0 due to command injection. The issue is located in the update interface png function within the /usr/bin/webmgnt file. Manipulation of the...

CVSS 6.5 | AI score 6.9 | EPSS 0.08319
Exploits: 1 | References: 7

Positive Technologies
added 2025/08/28 12:0 a.m. | 4 views

PT-2025-35134

Name of the Vulnerable Software and Affected Versions: Comfast CF-N1 version 2.6.0 Description: A flaw exists in the ntp timezone function within the /usr/bin/webmgnt file. Manipulation of the timestr argument can lead to command injection, potentially allowing for remote attacks. The exploit for...

CVSS 6.5 | AI score 6.3 | EPSS 0.05309
Exploits: 1 | References: 7

Positive Technologies
added 2025/08/28 12:0 a.m. | 3 views

PT-2025-35142

Name of the Vulnerable Software and Affected Versions: Comfast CF-N1 version 2.6.0 Description: A vulnerability was identified in the wireless device dissoc function of the /usr/bin/webmgnt file. Manipulation of the mac argument leads to command injection. The attack may be performed remotely. The...

CVSS 8.8 | AI score 6.3 | EPSS 0.08319
Exploits: 1 | References: 7

RedhatCVE
added 2025/05/23 6:51 a.m. | 3 views

CVE-2024-54751

COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...

CVSS 9.8 | AI score 7.5 | EPSS 0.00405
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:51 a.m. | 7 views

CVE-2024-44466

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface...

CVSS 9.8 | AI score 9.7 | EPSS 0.10442
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 4:9 a.m. | 7 views

CVE-2023-38864

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protaldeletepicname parameter in the sub41171C function at bin/webmgnt...

CVSS 9.8 | AI score 7.8 | EPSS 0.01081
Exploits: 1

RedhatCVE
added 2025/05/23 4:9 a.m. | 12 views

CVE-2023-38865

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr...

CVSS 9.8 | AI score 7.7 | EPSS 0.02091
Exploits: 1

RedhatCVE
added 2025/05/23 4:9 a.m. | 4 views

CVE-2023-38866

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and displayname...

CVSS 9.8 | AI score 7.7 | EPSS 0.02091
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 4:9 a.m. | 6 views

CVE-2023-38863

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub410074 function at bin/webmgnt...

CVSS 9.8 | AI score 7.8 | EPSS 0.01081
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 2:20 a.m. | 5 views

CVE-2023-38862

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub431F64 function in bin/webmgnt...

CVSS 9.8 | AI score 7.8 | EPSS 0.01081
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 12:27 a.m. | 6 views

CVE-2022-47701

COMFAST Shenzhen Sihai Zhonglian Network Technology Co., Ltd CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS)...

CVSS 6.1 | AI score 6.6 | EPSS 0.00353
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 12:27 a.m. | 8 views

CVE-2022-47699

COMFAST Shenzhen Sihai Zhonglian Network Technology Co., Ltd CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control...

CVSS 9.8 | AI score 7 | EPSS 0.00621
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 12:27 a.m. | 7 views

CVE-2022-47700

COMFAST Shenzhen Sihai Zhonglian Network Technology Co., Ltd CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication...

CVSS 7.5 | AI score 7.2 | EPSS 0.00509
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 12:18 a.m. | 4 views

CVE-2022-45725

Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request...

CVSS 8.8 | AI score 7.9 | EPSS 0.08775
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 11:22 p.m. | 4 views

CVE-2022-45724

Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSIONID, and using this SESSIONID an attacker can then perform authenticated requests...

CVSS 5.4 | AI score 7 | EPSS 0.00677
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:52 p.m. | 12 views

CVE-2022-47697

COMFAST Shenzhen Sihai Zhonglian Network Technology Co., Ltd CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts...

CVSS 9.8 | AI score 7.2 | EPSS 0.00621
Exploits: 0 | References: 1

CNVD
added 2025/04/11 12:0 a.m. | 2 views

Comfast CF-616AC V2 of Shenzhen Sihai Zonglian Network Technology Co., Ltd. suffers from a logic flaw vulnerability

Comfast CF-616AC V2 is a wireless router. Comfast CF-616AC V2 has a logic flaw vulnerability that can be exploited by an attacker to cause a denial of service...

AI score 6.9
Exploits: 0

RedhatCVE
added 2025/02/14 10:36 a.m. | 7 views

CVE-2023-30310

An issue discovered in Comfast CF-616AC routers allows attackers to hijack TCP sessions which could lead to a denial of service...

CVSS 7.5 | AI score 6.7 | EPSS 0.00417
Exploits: 0 | References: 1

NVD
added 2024/12/10 3:15 p.m. | 40 views

CVE-2024-54751

COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...

CVSS 9.8 | EPSS 0.00405
Exploits: 0 | References: 1

Cvelist
added 2024/12/10 12:0 a.m. | 15 views

CVE-2024-54751

COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root...

EPSS 0.00405
Exploits: 0 | References: 1