3 matches found
CVE-2026-15511
Comfast CF-WR631AX V3 devices affected up to version 2.7.0.8; the FastCGI Backend’s /usr/bin/webmgnt module function system_wl_upload_pic_file accepts a manipulated filename, leading to OS command injection. Attacks can be remotely initiated; the exploit has been publicly disclosed and vendor res...
CVE-2026-6799
A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET=pingconfig of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The attack can...
CVE-2026-3798
A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub44AC14 of the file /cgi-bin/mbox-config?method=SET=pingconfig of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public...