CVE-2026-2823

A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible to be...

CVE-2026-2823

A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible t...

CVE-2026-2823

A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible t...

CVE-2026-2823 Comfast CF-E7 webmggnt mbox-config sub_41ACCC command injection

A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible t...

Comfast CF-E7 命令注入漏洞

The Comfast CF-E7 is a wireless router produced by Comfast Corporation. The Comfast CF-E7 version 2.6.0.9 has a command injection vulnerability. This vulnerability stems from an error in the handling of the parameter “timestr” in the function “sub41ACCC” within the webmggnt component, located at...

PT-2026-20999

A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub 41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntp timezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible...

CVE-2026-2537

A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched...

CVE-2026-2537

A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched...

CVE-2026-2537

CVE-2026-2537 affects Comfast CF-E4 2.6.0.1. The HTTP POST handler at /cgi-bin/mbox-config?method=SET&section=ntp_timezone processes the timestr argument and, per Red Hat and other sources, leads to remote command injection. The vulnerability is publicly exploitable, with a publicly available exp...

CVE-2026-2537 Comfast CF-E4 HTTP POST Request mbox-config command injection

A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntptimezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched...

PT-2026-8314

Name of the Vulnerable Software and Affected Versions Comfast CF-E4 version 2.6.0.1 Description A flaw exists in Comfast CF-E4 that allows for remote command injection. The issue is located within the HTTP POST Request Handler component, specifically in the file...

Comfast CF-E4 命令注入漏洞

The Comfast CF-E4 is a wireless router produced by Comfast Corporation. The Comfast CF-E4 2.6.0.1 version has a command injection vulnerability. This vulnerability stems from incorrect handling of the parameter “timestr” in the file /cgi-bin/mbox-config?method=SET§ion=ntptimezone within the...

EUVD-2025-26144

Malicious code in bioql PyPI...

CVE-2025-9582

A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-9582

A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-9582

A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-9582 Comfast CF-N1 webmgnt ntp_timezone command injection

A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-9582 Comfast CF-N1 webmgnt ntp_timezone command injection

A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-9582

The CVE-2025-9582 entry concerns Comfast CF-N1 firmware version 2.6.0. The flaw lies in the ntp_timezone function in the /usr/bin/webmgnt binary where manipulating the timestr argument can cause a command injection. The attack is described as remote capable and an exploit has been published. Cons...

COMFAST CF-N1 安全漏洞

COMFAST CF-N1 is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in COMFAST CF-N1 version 2.6.0, which originates from a command injection due to incorrect operation of the parameter timestr in the file /usr/bin/webmgnt...