Lucene search
K

862 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/20 5:2 a.m.6 views

CVE-2026-2823

A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible t...

6.5CVSS5.4AI score0.17394EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/02/20 5:2 a.m.22 views

CVE-2026-2823

CVE-2026-2823 affects Comfast CF-E7 with firmware 2.6.0.9. The vulnerability lies in the webmgmt component, specifically the function sub_41ACCC in /cgi-bin/mbox-config?method=SET&section=ntp_timezone, where manipulating the timestr argument results in a remote command-injection. The vulnerabilit...

8.8CVSS6.4AI score0.17394EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.10 views

PT-2026-21000

A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub 441CF4 of the file /cgi-bin/mbox-config?method=SET&section=ping config of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be performed from...

6.5CVSS5.3AI score0.12705EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

Comfast CF-E7 命令注入漏洞

The Comfast CF-E7 is a wireless router produced by Comfast Corporation. The Comfast CF-E7 version 2.6.0.9 has a command injection vulnerability. This vulnerability stems from an error in the handling of the parameter “timestr” in the function “sub41ACCC” within the webmggnt component, located at...

8.8CVSS6.6AI score0.17394EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/17 7:28 a.m.12 views

CVE-2026-2535

A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub44AB9C of the file /cgi-bin/mbox-config?method=SET=ptestchannel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been made...

8.8CVSS5.4AI score0.14018EPSS
Exploits1References1
NVD
NVD
added 2026/02/16 6:16 a.m.10 views

CVE-2026-2537

A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched...

7.2CVSS0.2044EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/16 5:32 a.m.6 views

CVE-2026-2537 Comfast CF-E4 HTTP POST Request mbox-config command injection

A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched...

5.8CVSS5.5AI score0.2044EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/16 5:32 a.m.39 views

CVE-2026-2537 Comfast CF-E4 HTTP POST Request mbox-config command injection

A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched...

5.8CVSS0.2044EPSS
Exploits1References4
CVE
CVE
added 2026/02/16 5:32 a.m.19 views

CVE-2026-2537

CVE-2026-2537 affects Comfast CF-E4 2.6.0.1. The HTTP POST handler at /cgi-bin/mbox-config?method=SET&section=ntp_timezone processes the timestr argument and, per Red Hat and other sources, leads to remote command injection. The vulnerability is publicly exploitable, with a publicly available exp...

7.2CVSS5.5AI score0.2044EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/16 5:16 a.m.3 views

CVE-2026-2535

A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptestchannel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been...

8.8CVSS5.6AI score0.14018EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/16 4:32 a.m.6 views

CVE-2026-2535

A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptestchannel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been...

6.5CVSS5.4AI score0.14018EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/02/16 4:15 a.m.15 views

CVE-2026-2534

A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptestbandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploit h...

8.8CVSS0.13525EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.9 views

PT-2026-8314

Name of the Vulnerable Software and Affected Versions Comfast CF-E4 version 2.6.0.1 Description A flaw exists in Comfast CF-E4 that allows for remote command injection. The issue is located within the HTTP POST Request Handler component, specifically in the file...

5.8CVSS5.1AI score0.2044EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/02/16 12:0 a.m.8 views

Comfast CF-E4 命令注入漏洞

The Comfast CF-E4 is a wireless router produced by Comfast Corporation. The Comfast CF-E4 2.6.0.1 version has a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “timestr” in the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone within the...

7.2CVSS5.8AI score0.2044EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/16 12:0 a.m.9 views

COMFAST CF-N1 命令注入漏洞

COMFAST CF-N1 is a wireless router produced by COMFAST Corporation. The Comfast CF-N1 V2 2.6.0.2 version has a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “bandwidth” in the function sub44AC4C within the file...

8.8CVSS6.6AI score0.13525EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.11 views

PT-2026-8311

A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub 44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest channel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has bee...

6.5CVSS5.4AI score0.14018EPSS
Exploits1References5
OSV
OSV
added 2026/02/05 6:16 p.m.7 views

AZL-76880 CVE-2025-58190 affecting package cf-cli 8.7.11-4

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.4AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2026/02/05 6:16 p.m.6 views

AZL-76883 CVE-2025-47911 affecting package cf-cli 8.7.11-4

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.3AI score0.00502EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:45 a.m.4 views

CVE-2022-0879

The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.7AI score0.01195EPSS
Exploits2References1
Patchstack
Patchstack
added 2026/01/08 11:10 p.m.10 views

WordPress Contact Form vCard Generator plugin <= 2.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin Contact Form vCard Generator versions = 2.4...

5.3CVSS6.9AI score0.00321EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder