VYPR
Vendor

Comfast

Products
15
CVEs
33
Across products
45
Status
Private

Products

15

Recent CVEs

33
View all 33 CVEs →
  • CVE-2024-54751CriDec 10, 2024
    risk 0.64cvss 9.8epss 0.00

    COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.

  • CVE-2023-30310HigMay 28, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue discovered in Comfast Comfast CF-616AC routers allows attackers to hijack TCP sessions which could lead to a denial of service.

  • CVE-2026-6799MedApr 21, 2026
    risk 0.41cvss 6.3epss 0.01

    A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Endpoint. Performing a manipulation of the argument destination results in…

  • CVE-2026-2824MedFeb 20, 2026
    risk 0.41cvss 6.3epss 0.11

    A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be…

  • CVE-2026-2823MedFeb 20, 2026
    risk 0.41cvss 6.3epss 0.16

    A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The…

  • CVE-2026-2535MedFeb 16, 2026
    risk 0.41cvss 6.3epss 0.12

    A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel. The manipulation of the argument channel results in command injection. The attack can be launched remotely.…

  • CVE-2026-2534MedFeb 16, 2026
    risk 0.41cvss 6.3epss 0.12

    A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated…

  • CVE-2025-9586MedAug 28, 2025
    risk 0.41cvss 6.3epss 0.08

    A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit…

  • CVE-2025-9585MedAug 28, 2025
    risk 0.41cvss 6.3epss 0.05

    A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The…

  • CVE-2025-9584MedAug 28, 2025
    risk 0.41cvss 6.3epss 0.08

    A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function update_interface_png of the file /usr/bin/webmgnt. The manipulation of the argument interface/display_name results in command injection. The attack can be executed remotely. The exploit has…

  • CVE-2025-9583MedAug 28, 2025
    risk 0.41cvss 6.3epss 0.05

    A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the…

  • CVE-2025-9582MedAug 28, 2025
    risk 0.41cvss 6.3epss 0.05

    A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntp_timezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used.

  • CVE-2025-9581MedAug 28, 2025
    risk 0.41cvss 6.3epss 0.05

    A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. The attack may be initiated remotely. The exploit is now public and may be…

  • CVE-2026-4468MedMar 20, 2026
    risk 0.31cvss 4.7epss 0.02

    A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET&section=update_interface_png. This manipulation causes command injection. The attack is possible to be carried out remotely. The exploit has…

  • CVE-2026-4467MedMar 20, 2026
    risk 0.31cvss 4.7epss 0.02

    A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=wireless_device_dissoc. The manipulation results in command injection. The attack can be executed remotely. The exploit has been made…

  • CVE-2026-4466MedMar 20, 2026
    risk 0.31cvss 4.7epss 0.02

    A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2026-3798MedMar 9, 2026
    risk 0.31cvss 4.7epss 0.13

    A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Request Path Handler. The manipulation results in command injection. The attack may be launched…

  • CVE-2026-2537MedFeb 16, 2026
    risk 0.31cvss 4.7epss 0.18

    A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack…

  • CVE-2024-44466Sep 11, 2024
    risk 0.03cvss epss 0.11

    COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.

  • CVE-2026-12814Jun 21, 2026
    risk 0.00cvss epss 0.01

    A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=ping_config of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is…