Lucene search
K

294 matches found

RedhatCVE
RedhatCVE
added 2025/09/20 12:30 a.m.12 views

CVE-2025-57293

A command injection vulnerability in COMFAST CF-XR11 firmware V2.7.2 exists in the multipppoe API, processed by the sub423930 function in /usr/bin/webmgnt. The phyinterface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to...

8.8CVSS7.8AI score0.01679EPSS
Exploits1References1
NVD
NVD
added 2025/09/18 9:15 p.m.7 views

CVE-2025-57293

A command injection vulnerability in COMFAST CF-XR11 firmware V2.7.2 exists in the multipppoe API, processed by the sub423930 function in /usr/bin/webmgnt. The phyinterface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to...

8.8CVSS0.01679EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/09/18 12:0 a.m.4 views

COMFAST CF-XR11 安全漏洞

COMFAST CF-XR11 is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in COMFAST CF-XR11 version V2.7.2, which stems from an uncleaned phyinterface parameter in the multipppoe API, which could lead to a command injection attack...

8.8CVSS7.3AI score0.01679EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/09/18 12:0 a.m.4 views

CVE-2025-57293

A command injection vulnerability in COMFAST CF-XR11 firmware V2.7.2 exists in the multipppoe API, processed by the sub423930 function in /usr/bin/webmgnt. The phyinterface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to...

7.4AI score0.01679EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/09/18 12:0 a.m.12 views

PT-2025-38482

Name of the Vulnerable Software and Affected Versions COMFAST CF-XR11 version V2.7.2 Description A command injection issue exists in the multi pppoe API, processed by the sub 423930 function. The phy interface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST...

8.8CVSS7.5AI score0.01679EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/09/18 12:0 a.m.11 views

CVE-2025-57293

A command injection vulnerability in COMFAST CF-XR11 firmware V2.7.2 exists in the multipppoe API, processed by the sub423930 function in /usr/bin/webmgnt. The phyinterface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to...

0.01679EPSS
Exploits1References1
CVE
CVE
added 2025/09/18 12:0 a.m.19 views

CVE-2025-57293

COMFAST CF-XR11 firmware V2.7.2 is affected by a command injection in the multi_pppoe API (sub_423930 in /usr/bin/webmgnt). The phy_interface parameter is not sanitized, allowing an attacker to inject commands via POST to /cgi-bin/mbox-config?method=SET&section=multi_pppoe; when action=one_click_...

8.8CVSS7.5AI score0.01679EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/31 12:4 a.m.5 views

CVE-2025-9586

A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wirelessdevicedissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available...

6.5CVSS6.8AI score0.08319EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/31 12:4 a.m.5 views

CVE-2025-9583

A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function pingconfig of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used...

6.5CVSS6.7AI score0.05075EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/31 12:4 a.m.5 views

CVE-2025-9585

A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilithdeletepicfile of the file /usr/bin/webmgnt. This manipulation of the argument portaldeletepicname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly...

6.5CVSS7.1AI score0.05075EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/31 12:4 a.m.4 views

CVE-2025-9584

A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function updateinterfacepng of the file /usr/bin/webmgnt. The manipulation of the argument interface/displayname results in command injection. The attack can be executed remotely. The exploit has been made public and...

6.5CVSS7.1AI score0.08319EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/31 12:4 a.m.4 views

CVE-2025-9582

A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

9.8CVSS6.8AI score0.05309EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/31 12:4 a.m.5 views

CVE-2025-9581

A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multipppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phyinterface results in command injection. The attack may be initiated remotely. The exploit is now public and may be used...

9.8CVSS7.1AI score0.05309EPSS
Exploits1References1
OSV
OSV
added 2025/08/28 9:15 p.m.3 views

CVE-2025-9585

A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilithdeletepicfile of the file /usr/bin/webmgnt. This manipulation of the argument portaldeletepicname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly...

8.8CVSS5.6AI score0.05075EPSS
Exploits1References4
OSV
OSV
added 2025/08/28 9:15 p.m.2 views

CVE-2025-9586

A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wirelessdevicedissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available...

8.8CVSS5.7AI score0.08319EPSS
Exploits1References4
NVD
NVD
added 2025/08/28 9:15 p.m.5 views

CVE-2025-9586

A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wirelessdevicedissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available...

8.8CVSS0.08319EPSS
Exploits1References4
NVD
NVD
added 2025/08/28 9:15 p.m.5 views

CVE-2025-9585

A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilithdeletepicfile of the file /usr/bin/webmgnt. This manipulation of the argument portaldeletepicname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly...

8.8CVSS0.05075EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/08/28 9:2 p.m.11 views

CVE-2025-9586 Comfast CF-N1 webmgnt wireless_device_dissoc command injection

A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wirelessdevicedissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available...

6.5CVSS0.08319EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/08/28 9:2 p.m.2 views

CVE-2025-9586 Comfast CF-N1 webmgnt wireless_device_dissoc command injection

A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wirelessdevicedissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available...

6.5CVSS6.5AI score0.08319EPSS
Exploits1References4
CVE
CVE
added 2025/08/28 9:2 p.m.14 views

CVE-2025-9586

CVE-2025-9586 affects Comfast CF-N1 firmware version 2.6.0. The vulnerability resides in the wireless_device_dissoc function of /usr/bin/webmgnt, where manipulating the mac argument leads to command injection. Exploitation appears feasible remotely, and public PoCs/exploits exist. Multiple connec...

8.8CVSS6.4AI score0.08319EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder