862 matches found
CVE-2026-2823
A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible t...
CVE-2026-2823
CVE-2026-2823 affects Comfast CF-E7 with firmware 2.6.0.9. The vulnerability lies in the webmgmt component, specifically the function sub_41ACCC in /cgi-bin/mbox-config?method=SET§ion=ntp_timezone, where manipulating the timestr argument results in a remote command-injection. The vulnerabilit...
PT-2026-21000
A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub 441CF4 of the file /cgi-bin/mbox-config?method=SET§ion=ping config of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be performed from...
Comfast CF-E7 命令注入漏洞
The Comfast CF-E7 is a wireless router produced by Comfast Corporation. The Comfast CF-E7 version 2.6.0.9 has a command injection vulnerability. This vulnerability stems from an error in the handling of the parameter “timestr” in the function “sub41ACCC” within the webmggnt component, located at...
CVE-2026-2535
A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub44AB9C of the file /cgi-bin/mbox-config?method=SET=ptestchannel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been made...
CVE-2026-2537
A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched...
CVE-2026-2537 Comfast CF-E4 HTTP POST Request mbox-config command injection
A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched...
CVE-2026-2537 Comfast CF-E4 HTTP POST Request mbox-config command injection
A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched...
CVE-2026-2537
CVE-2026-2537 affects Comfast CF-E4 2.6.0.1. The HTTP POST handler at /cgi-bin/mbox-config?method=SET§ion=ntp_timezone processes the timestr argument and, per Red Hat and other sources, leads to remote command injection. The vulnerability is publicly exploitable, with a publicly available exp...
CVE-2026-2535
A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub44AB9C of the file /cgi-bin/mbox-config?method=SET§ion=ptestchannel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been...
CVE-2026-2535
A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub44AB9C of the file /cgi-bin/mbox-config?method=SET§ion=ptestchannel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been...
CVE-2026-2534
A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub44AC4C of the file /cgi-bin/mbox-config?method=SET§ion=ptestbandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploit h...
PT-2026-8314
Name of the Vulnerable Software and Affected Versions Comfast CF-E4 version 2.6.0.1 Description A flaw exists in Comfast CF-E4 that allows for remote command injection. The issue is located within the HTTP POST Request Handler component, specifically in the file...
Comfast CF-E4 命令注入漏洞
The Comfast CF-E4 is a wireless router produced by Comfast Corporation. The Comfast CF-E4 2.6.0.1 version has a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “timestr” in the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone within the...
COMFAST CF-N1 命令注入漏洞
COMFAST CF-N1 is a wireless router produced by COMFAST Corporation. The Comfast CF-N1 V2 2.6.0.2 version has a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “bandwidth” in the function sub44AC4C within the file...
PT-2026-8311
A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub 44AB9C of the file /cgi-bin/mbox-config?method=SET§ion=ptest channel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has bee...
AZL-76880 CVE-2025-58190 affecting package cf-cli 8.7.11-4
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
AZL-76883 CVE-2025-47911 affecting package cf-cli 8.7.11-4
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...
CVE-2022-0879
The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting...
WordPress Contact Form vCard Generator plugin <= 2.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter vulnerability
Missing Authorization to Unauthenticated Sensitive Information Exposure via 'wp-gvc-cf-download-id' Parameter vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin Contact Form vCard Generator versions = 2.4...