CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2023/08/15 8:15 p.m.•11 views

Command injection

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and displayname...

7.5CVSS9.7AI score0.01101EPSS

OSV•added 2023/08/15 7:15 p.m.•1 views

CVE-2023-38862

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub431F64 function in bin/webmgnt...

9.8CVSS7.6AI score0.00164EPSS

ATTACKERKB•added 2023/08/15 7:15 p.m.•0 views

CVE-2023-38862

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub431F64 function in bin/webmgnt...

9.8CVSS6.1AI score0.00164EPSS

NVD•added 2023/08/15 7:15 p.m.•11 views

CVE-2023-38862

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub431F64 function in bin/webmgnt...

9.8CVSS9.7AI score0.00164EPSS

ATTACKERKB•added 2023/08/15 7:15 p.m.•2 views

CVE-2023-38863

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub410074 function at bin/webmgnt...

9.8CVSS6.1AI score0.00164EPSS

ATTACKERKB•added 2023/08/15 7:15 p.m.•0 views

CVE-2023-38865

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr...

9.8CVSS5.8AI score0.01101EPSS

NVD•added 2023/08/15 7:15 p.m.•6 views

CVE-2023-38865

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr...

9.8CVSS9.8AI score0.01101EPSS

NVD•added 2023/08/15 7:15 p.m.•12 views

CVE-2023-38863

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub410074 function at bin/webmgnt...

9.8CVSS9.7AI score0.00164EPSS

OSV•added 2023/08/15 7:15 p.m.•2 views

CVE-2023-38863

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub410074 function at bin/webmgnt...

9.8CVSS6.1AI score0.00164EPSS

OSV•added 2023/08/15 7:15 p.m.•1 views

CVE-2023-38865

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr...

9.8CVSS5.8AI score

Exploits0References1

Prion•added 2023/08/15 7:15 p.m.•12 views

Command injection

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr...

7.5CVSS9.7AI score0.01101EPSS

Prion•added 2023/08/15 7:15 p.m.•16 views

Design/Logic Flaw

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub410074 function at bin/webmgnt...

7.5CVSS9.6AI score0.00164EPSS

Cvelist•added 2023/08/15 12:0 a.m.•13 views

CVE-2023-38864

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protaldeletepicname parameter in the sub41171C function at bin/webmgnt...

9.8AI score0.00164EPSS

Positive Technologies•added 2023/08/15 12:0 a.m.•2 views

PT-2023-26647 · Comfast · Comfast Cf-Xr11

Name of the Vulnerable Software and Affected Versions: COMFAST CF-XR11 version 2.7.2 Description: The issue is a command injection vulnerability detected at the function sub 415588. Attackers can send POST request messages to the /usr/bin/webmgnt endpoint and inject commands into the parameters...

9.8CVSS9.5AI score0.01101EPSS

Exploits1References6

CVE•added 2023/08/15 12:0 a.m.•34 views

CVE-2023-38866

CVE-2023-38866 affects COMFAST CF-XR11 v2.7.2. A command-injection vulnerability is exposed in the device’s /usr/bin/webmgnt endpoint, with the exploit vector leveraging the parameters interface and display_name via POST to inject commands, traced to function sub_415588. The CVSSv3.1 vector is NE...

9.8CVSS9.7AI score0.01101EPSS

Vulnrichment•added 2023/08/15 12:0 a.m.•11 views

CVE-2023-38864

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protaldeletepicname parameter in the sub41171C function at bin/webmgnt...

7.8AI score0.00164EPSS

Positive Technologies•added 2023/08/15 12:0 a.m.•5 views

PT-2023-26646 · Comfast · Comfast Cf-Xr11

Name of the Vulnerable Software and Affected Versions: COMFAST CF-XR11 version 2.7.2 Description: The issue is a command injection vulnerability detected at function sub 4143F0. Attackers can send POST request messages to "/usr/bin/webmgnt" and inject commands into parameter timestr...

9.8CVSS9.6AI score0.01101EPSS

Exploits1References7

CNNVD•added 2023/08/15 12:0 a.m.•2 views

COMFAST CF-XR11 命令注入漏洞

COMFAST CF-XR11 is a wireless router from COMFAST, China. A security vulnerability exists in COMFAST CF-XR11 version 2.7.2, which originates from an arbitrary code execution via the protaldeletepicname parameter in the sub41171C function of bin/webmgnt...

9.8CVSS9.2AI score0.00164EPSS