3 matches found
CVE-2023-38866
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and displayname...
CVE-2023-38866
creationtimestamp| type| source ---|---|--- 2023-08-16 00:30:47+00:00| seen| https://t.me/cibsecurity/68605 2024-02-10 14:19:12+00:00| published-proof-of-concept| https://t.me/MrVGunz/1014...
CVE-2023-38866
CVE-2023-38866 affects COMFAST CF-XR11 v2.7.2. A command-injection vulnerability is exposed in the device’s /usr/bin/webmgnt endpoint, with the exploit vector leveraging the parameters interface and display_name via POST to inject commands, traced to function sub_415588. The CVSSv3.1 vector is NE...