Comfast CF-XR11
Approved changes feed: RSS · Atom
cpe:2.3:h:comfast:cf-xr11:-:*:*:*:*:*:*:*
part: h version: - update: *
| Vendor | Comfast (73ca0fe3-d078-57b1-947c-03e714d28b3e) |
|---|---|
| Product | Cf Xr11 (87295cff-16ac-55d9-9aee-a5ec6ca7ba6d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-57293 |
not_vulnerable | 2026-06-03 15:04:59.717140 |
Details available
A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phy_interface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to /cgi-bin/mbox-config?method=SET§ion=multi_pppoe. When the action parameter is set to "one_click_redial", the unsanitized phy_interface is used in a system() call, enabling execution of malicious commands. This can lead to unauthorized access to sensitive files, execution of arbitrary code, or full device compromise.
Published: 2025-09-18T00:00:00.000Z
Updated: 2025-09-19T14:08:26.011Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-44466 |
not_vulnerable | 2026-06-03 14:56:47.854659 |
Details available
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.
Published: 2024-09-11T00:00:00.000Z
Updated: 2024-09-11T17:33:25.923Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38866 |
not_vulnerable | 2026-06-03 14:52:32.036549 |
Details available
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and display_name.
Published: 2023-08-15T00:00:00.000Z
Updated: 2024-10-09T13:08:01.703Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38866 |
vulnerable | 2026-06-03 14:52:32.036481 |
Details available
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and display_name.
Published: 2023-08-15T00:00:00.000Z
Updated: 2024-10-09T13:08:01.703Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38865 |
not_vulnerable | 2026-06-03 14:52:32.036240 |
Details available
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr.
Published: 2023-08-15T00:00:00.000Z
Updated: 2024-10-09T13:08:57.932Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38865 |
vulnerable | 2026-06-03 14:52:32.036169 |
Details available
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr.
Published: 2023-08-15T00:00:00.000Z
Updated: 2024-10-09T13:08:57.932Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38864 |
not_vulnerable | 2026-06-03 14:52:32.035886 | db.gcve.eu details are currently unavailable. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38864 |
vulnerable | 2026-06-03 14:52:32.035812 |
Details available
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt.
Published: 2023-08-15T00:00:00.000Z
Updated: 2024-10-09T13:10:46.216Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38863 |
not_vulnerable | 2026-06-03 14:52:32.035546 |
Details available
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.
Published: 2023-08-15T00:00:00.000Z
Updated: 2024-10-09T13:11:38.170Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38863 |
vulnerable | 2026-06-03 14:52:32.035465 |
Details available
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.
Published: 2023-08-15T00:00:00.000Z
Updated: 2024-10-09T13:11:38.170Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38862 |
not_vulnerable | 2026-06-03 14:52:32.035122 |
Details available
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt.
Published: 2023-08-15T00:00:00.000Z
Updated: 2024-10-09T13:12:25.955Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-38862 |
vulnerable | 2026-06-03 14:52:32.034273 |
Details available
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt.
Published: 2023-08-15T00:00:00.000Z
Updated: 2024-10-09T13:12:25.955Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.