Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

288 matches found

CVE
CVEadded 2023/08/15 12:0 a.m.35 views

CVE-2023-38866

CVE-2023-38866 affects COMFAST CF-XR11 v2.7.2. A command-injection vulnerability is exposed in the device’s /usr/bin/webmgnt endpoint, with the exploit vector leveraging the parameters interface and display_name via POST to inject commands, traced to function sub_415588. The CVSSv3.1 vector is NE...

9.8CVSS9.7AI score0.02091EPSS
Exploits1References1Affected Software1
CVE
CVEadded 2023/08/15 12:0 a.m.121 views

CVE-2023-38863

CVE-2023-38863 affects COMFAST CF-XR11 firmware v2.7.2. The vulnerability is a code execution path in bin/webmgnt, exploitable via ifname and mac parameters in the sub_410074 function. Connected documents confirm the affected product and vulnerability details; cited remediation guidance is limite...

9.8CVSS9.6AI score0.01081EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichmentadded 2023/08/15 12:0 a.m.9 views

CVE-2023-38863

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub410074 function at bin/webmgnt...

7.8AI score0.01081EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2023/08/15 12:0 a.m.11 views

CVE-2023-38865

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr...

7.7AI score0.02091EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2023/08/15 12:0 a.m.10 views

CVE-2023-38862

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub431F64 function in bin/webmgnt...

7.8AI score0.01081EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2023/08/15 12:0 a.m.8 views

CVE-2023-38866

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and displayname...

7.7AI score0.02091EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2023/08/15 12:0 a.m.11 views

CVE-2023-38864

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protaldeletepicname parameter in the sub41171C function at bin/webmgnt...

7.8AI score0.01081EPSS
Exploits1References1
Cvelist
Cvelistadded 2023/08/15 12:0 a.m.16 views

CVE-2023-38862

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub431F64 function in bin/webmgnt...

9.8AI score0.01081EPSS
Exploits1References1
Cvelist
Cvelistadded 2023/08/15 12:0 a.m.14 views

CVE-2023-38864

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protaldeletepicname parameter in the sub41171C function at bin/webmgnt...

9.8AI score0.01081EPSS
Exploits1References1
Cvelist
Cvelistadded 2023/08/15 12:0 a.m.15 views

CVE-2023-38865

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr...

10AI score0.02091EPSS
Exploits1References1
Cvelist
Cvelistadded 2023/08/15 12:0 a.m.13 views

CVE-2023-38866

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and displayname...

10AI score0.02091EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2023/08/15 12:0 a.m.2 views

PT-2023-26647 · Comfast · Comfast Cf-Xr11

Name of the Vulnerable Software and Affected Versions: COMFAST CF-XR11 version 2.7.2 Description: The issue is a command injection vulnerability detected at the function sub 415588. Attackers can send POST request messages to the /usr/bin/webmgnt endpoint and inject commands into the parameters...

9.8CVSS9.5AI score0.02091EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2023/08/15 12:0 a.m.3 views

PT-2023-26644 · Comfast · Comfast Cf-Xr11

Name of the Vulnerable Software and Affected Versions: COMFAST CF-XR11 version 2.7.2 Description: An issue in the software allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub 410074 function at bin/webmgnt. Recommendations: For COMFAST CF-XR11 version 2.7.2,...

9.8CVSS9.5AI score0.01081EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2023/08/15 12:0 a.m.2 views

PT-2023-26643 · Comfast · Comfast Cf-Xr11

Name of the Vulnerable Software and Affected Versions: COMFAST CF-XR11 version 2.7.2 Description: An issue in COMFAST CF-XR11 allows an attacker to execute arbitrary code via the destination parameter of the sub 431F64 function in bin/webmgnt. Recommendations: For COMFAST CF-XR11 version 2.7.2,...

9.8CVSS9.6AI score0.01081EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2023/08/15 12:0 a.m.3 views

PT-2023-26645 · Comfast · Comfast Cf-Xr11

Name of the Vulnerable Software and Affected Versions: COMFAST CF-XR11 version 2.7.2 Description: An issue in COMFAST CF-XR11 allows an attacker to execute arbitrary code via the protal delete picname parameter in the sub 41171C function at bin/webmgnt. Recommendations: For COMFAST CF-XR11 versio...

9.8CVSS9.5AI score0.01081EPSS
Exploits1References5
Positive Technologies
Positive Technologiesadded 2023/08/15 12:0 a.m.6 views

PT-2023-26646 · Comfast · Comfast Cf-Xr11

Name of the Vulnerable Software and Affected Versions: COMFAST CF-XR11 version 2.7.2 Description: The issue is a command injection vulnerability detected at function sub 4143F0. Attackers can send POST request messages to "/usr/bin/webmgnt" and inject commands into parameter timestr...

9.8CVSS9.6AI score0.02091EPSS
Exploits1References7
Cvelist
Cvelistadded 2023/08/15 12:0 a.m.17 views

CVE-2023-38863

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub410074 function at bin/webmgnt...

9.8AI score0.01081EPSS
Exploits1References1
OSV
OSVadded 2023/02/13 2:15 p.m.2 views

CVE-2022-45725

Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request...

8.8CVSS6.2AI score
Exploits0References3
OSV
OSVadded 2023/02/13 2:15 p.m.2 views

CVE-2022-45724

Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSIONID, and using this SESSIONID an attacker can then perform authenticated requests...

5.4CVSS5.8AI score
Exploits0References3
NVD
NVDadded 2023/02/13 2:15 p.m.9 views

CVE-2022-45725

Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request...

8.8CVSS8.9AI score0.08775EPSS
Exploits1References3
Rows per page
Query Builder