COMFAST CF-XR11 命令注入漏洞

The COMFAST CF-XR11 is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in COMFAST CF-XR11 version 2.7.2, which can be exploited to execute arbitrary code via the target parameter of the sub431F64 function in bin/webmgnt...

COMFAST CF-XR11 命令注入漏洞

The COMFAST CF-XR11 is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in COMFAST CF-XR11 version 2.7.2, which can be exploited to execute arbitrary code via the ifname and mac parameters in the sub410074 function of bin/webmgnt...

COMFAST CF-XR11 命令注入漏洞

The COMFAST CF-XR11 is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in COMFAST CF-XR11 version 2.7.2, which stems from a command injection vulnerability detected at function sub4143F0...

CVE-2023-38864

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protaldeletepicname parameter in the sub41171C function at bin/webmgnt...

CVE-2023-38865

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr...

PT-2023-26647 · Comfast · Comfast Cf-Xr11

Name of the Vulnerable Software and Affected Versions: COMFAST CF-XR11 version 2.7.2 Description: The issue is a command injection vulnerability detected at the function sub 415588. Attackers can send POST request messages to the /usr/bin/webmgnt endpoint and inject commands into the parameters...

PT-2023-26644 · Comfast · Comfast Cf-Xr11

Name of the Vulnerable Software and Affected Versions: COMFAST CF-XR11 version 2.7.2 Description: An issue in the software allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub 410074 function at bin/webmgnt. Recommendations: For COMFAST CF-XR11 version 2.7.2,...

PT-2023-26643 · Comfast · Comfast Cf-Xr11

Name of the Vulnerable Software and Affected Versions: COMFAST CF-XR11 version 2.7.2 Description: An issue in COMFAST CF-XR11 allows an attacker to execute arbitrary code via the destination parameter of the sub 431F64 function in bin/webmgnt. Recommendations: For COMFAST CF-XR11 version 2.7.2,...

PT-2023-26645 · Comfast · Comfast Cf-Xr11

Name of the Vulnerable Software and Affected Versions: COMFAST CF-XR11 version 2.7.2 Description: An issue in COMFAST CF-XR11 allows an attacker to execute arbitrary code via the protal delete picname parameter in the sub 41171C function at bin/webmgnt. Recommendations: For COMFAST CF-XR11 versio...

CVE-2023-38865

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr...

CVE-2023-38866

CVE-2023-38866 affects COMFAST CF-XR11 v2.7.2. A command-injection vulnerability is exposed in the device’s /usr/bin/webmgnt endpoint, with the exploit vector leveraging the parameters interface and display_name via POST to inject commands, traced to function sub_415588. The CVSSv3.1 vector is NE...

CVE-2023-38863

CVE-2023-38863 affects COMFAST CF-XR11 firmware v2.7.2. The vulnerability is a code execution path in bin/webmgnt, exploitable via ifname and mac parameters in the sub_410074 function. Connected documents confirm the affected product and vulnerability details; cited remediation guidance is limite...

CVE-2023-38865

CVE-2023-38865 affects COMFAST CF-XR11 v2.7.2. The vulnerability is a command-injection in function sub_4143F0, allowing an attacker to send POST requests to /usr/bin/webmgnt and inject commands via the timestr parameter. Connected sources confirm the affected product and vulnerable component; no...

CVE-2023-38864

CVE-2023-38864 affects COMFAST CF-XR11 firmware v2.7.2. A remote attacker can trigger arbitrary code execution via the protal_delete_picname parameter in bin/webmgnt (sub_41171C). CVSSv3.1: 9.8 (CRITICAL), Network vector, no privileges, no user interaction. Documents confirm the flaw but do not p...

CVE-2023-38862

CVE-2023-38862 affects COMFAST CF-XR11 (v2.7.2). The vulnerability is an arbitrary code execution via the destination parameter of sub_431F64 in bin/webmgnt, with CVSS 3.1 base score 9.8 (NETWORK, NONE/NO user interaction, high impact on confidentiality, integrity and availability). Connected sou...

PT-2023-26646 · Comfast · Comfast Cf-Xr11

Name of the Vulnerable Software and Affected Versions: COMFAST CF-XR11 version 2.7.2 Description: The issue is a command injection vulnerability detected at function sub 4143F0. Attackers can send POST request messages to "/usr/bin/webmgnt" and inject commands into parameter timestr...

CVE-2023-38866

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and displayname...

CVE-2022-45725

Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request...

CVE-2022-45724

Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSIONID, and using this SESSIONID an attacker can then perform authenticated requests...

CVE-2022-45725

Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request...