GCVE - cpe:2.3:o:comfast:cf-ac100_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:comfast:cf-ac100_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Comfast (`73ca0fe3-d078-57b1-947c-03e714d28b3e`)
Product	Cf Ac100 Firmware (`a80cbb03-3dca-5de5-9788-d4d6c28072f1`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-4468`	vulnerable	2026-06-03 15:26:25.525577	Comfast CF-AC100 mbox-config command injection MEDIUM (4.7) A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET&section=update_interface_png. This manipulation causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-03-20T03:32:10.679Z Updated: 2026-03-20T16:18:52.951Z Open on db.gcve.eu Reference links https://vuldb.com/?id.351758 https://vuldb.com/?ctiid.351758 https://vuldb.com/?submit.772878 https://github.com/jinhao118/cve/blob/main/ComFast%20CF-AC100-V2.6.0.8_4.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-4467`	vulnerable	2026-06-03 15:26:25.525251	Comfast CF-AC100 mbox-config command injection MEDIUM (4.7) A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=wireless_device_dissoc. The manipulation results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-03-20T02:32:10.454Z Updated: 2026-03-20T19:57:42.110Z Open on db.gcve.eu Reference links https://vuldb.com/?id.351757 https://vuldb.com/?ctiid.351757 https://vuldb.com/?submit.772877 https://github.com/jinhao118/cve/blob/main/ComFast%20CF-AC100-V2.6.0.8_3.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-4466`	vulnerable	2026-06-03 15:26:25.524829	Comfast CF-AC100 mbox-config command injection MEDIUM (4.7) A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-03-20T02:02:17.642Z Updated: 2026-03-20T18:08:46.660Z Open on db.gcve.eu Reference links https://vuldb.com/?id.351756 https://vuldb.com/?ctiid.351756 https://vuldb.com/?submit.772874 https://github.com/jinhao118/cve/blob/main/ComFast%20CF-AC100-V2.6.0.8_2.md	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.