Lucene search
+L

865 matches found

OSV
OSV
added 2025/09/25 10:39 a.m.15 views

CLSA-2025-1758796775 spamassassin: Fix of 2 CVEs

CVE-2020-1930: fix command-execution vulnerability in SpamAssassin .cf parsing - CVE-2020-1931: fix command-execution vulnerability in SpamAssassin .cf parsing...

9.3CVSS5.8AI score0.07053EPSS
Exploits0References1
OSV
OSV
added 2025/09/18 9:15 p.m.5 views

CVE-2025-57293

A command injection vulnerability in COMFAST CF-XR11 firmware V2.7.2 exists in the multipppoe API, processed by the sub423930 function in /usr/bin/webmgnt. The phyinterface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to...

8.8CVSS6.2AI score0.01679EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/09/18 12:0 a.m.4 views

CVE-2025-57293

A command injection vulnerability in COMFAST CF-XR11 firmware V2.7.2 exists in the multipppoe API, processed by the sub423930 function in /usr/bin/webmgnt. The phyinterface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to...

7.4AI score0.01679EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/09/18 12:0 a.m.13 views

PT-2025-38482

Name of the Vulnerable Software and Affected Versions COMFAST CF-XR11 version V2.7.2 Description A command injection issue exists in the multi pppoe API, processed by the sub 423930 function. The phy interface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST...

8.8CVSS7.5AI score0.01679EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/08/31 12:4 a.m.8 views

CVE-2025-9586

A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wirelessdevicedissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available...

6.5CVSS6.8AI score0.08319EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/31 12:4 a.m.8 views

CVE-2025-9583

A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function pingconfig of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used...

6.5CVSS6.7AI score0.05075EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/31 12:4 a.m.8 views

CVE-2025-9585

A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilithdeletepicfile of the file /usr/bin/webmgnt. This manipulation of the argument portaldeletepicname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly...

6.5CVSS7.1AI score0.05075EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/31 12:4 a.m.6 views

CVE-2025-9582

A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

9.8CVSS6.8AI score0.05309EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/31 12:4 a.m.8 views

CVE-2025-9581

A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multipppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phyinterface results in command injection. The attack may be initiated remotely. The exploit is now public and may be used...

9.8CVSS7.1AI score0.05309EPSS
Exploits1References1
OSV
OSV
added 2025/08/28 9:15 p.m.5 views

CVE-2025-9585

A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilithdeletepicfile of the file /usr/bin/webmgnt. This manipulation of the argument portaldeletepicname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly...

8.8CVSS5.6AI score0.05075EPSS
Exploits1References4
OSV
OSV
added 2025/08/28 9:15 p.m.4 views

CVE-2025-9586

A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wirelessdevicedissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available...

8.8CVSS5.7AI score0.08319EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/08/28 9:2 p.m.4 views

CVE-2025-9586 Comfast CF-N1 webmgnt wireless_device_dissoc command injection

A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wirelessdevicedissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available...

6.5CVSS6.5AI score0.08319EPSS
Exploits1References4
CVE
CVE
added 2025/08/28 9:2 p.m.16 views

CVE-2025-9586

CVE-2025-9586 affects Comfast CF-N1 firmware version 2.6.0. The vulnerability resides in the wireless_device_dissoc function of /usr/bin/webmgnt, where manipulating the mac argument leads to command injection. Exploitation appears feasible remotely, and public PoCs/exploits exist. Multiple connec...

8.8CVSS6.4AI score0.08319EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/08/28 8:32 p.m.15 views

CVE-2025-9585 Comfast CF-N1 webmgnt wifilith_delete_pic_file command injection

A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilithdeletepicfile of the file /usr/bin/webmgnt. This manipulation of the argument portaldeletepicname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly...

6.5CVSS0.05075EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/08/28 8:32 p.m.4 views

CVE-2025-9585 Comfast CF-N1 webmgnt wifilith_delete_pic_file command injection

A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilithdeletepicfile of the file /usr/bin/webmgnt. This manipulation of the argument portaldeletepicname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly...

6.5CVSS6.7AI score0.05075EPSS
Exploits1References4
CVE
CVE
added 2025/08/28 8:32 p.m.17 views

CVE-2025-9585

CVE-2025-9585 affects Comfast CF-N1 2.6.0. The issue is in /usr/bin/webmgnt, in the wifilith_delete_pic_file function, where manipulating the portal_delete_picname argument leads to remote command injection. Public exploits have been disclosed. Likely impact includes remote code execution with hi...

8.8CVSS6.4AI score0.05075EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/08/28 8:15 p.m.6 views

CVE-2025-9583

A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function pingconfig of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used...

8.8CVSS0.05075EPSS
Exploits1References4
OSV
OSV
added 2025/08/28 8:15 p.m.4 views

CVE-2025-9584

A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function updateinterfacepng of the file /usr/bin/webmgnt. The manipulation of the argument interface/displayname results in command injection. The attack can be executed remotely. The exploit has been made public and...

8.8CVSS5.6AI score0.08319EPSS
Exploits1References4
OSV
OSV
added 2025/08/28 8:15 p.m.5 views

CVE-2025-9582

A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

9.8CVSS5.7AI score0.05309EPSS
Exploits1References4
NVD
NVD
added 2025/08/28 8:15 p.m.6 views

CVE-2025-9582

A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

9.8CVSS0.05309EPSS
Exploits1References4
Rows per page
Query Builder