PT-2023-14736 · Comfast · Comfast Cf-Wr6110N

Sn0Ox · Published 2023-02-13 · Updated 2025-03-24 · CVE-2022-45724

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Comfast router CF-WR6110N version 2.3.1

Description

The issue allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page, forcing the server to generate a SESSION ID. Using this SESSION ID, an attacker can then perform authenticated requests.

Recommendations

For Comfast router CF-WR6110N version 2.3.1, consider restricting access to unauthenticated pages to prevent the generation of a SESSION ID until a patch is available. As a temporary workaround, disabling the use of SESSION ID for authentication may help minimize the risk of exploitation.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2022-45724

Affected Products

Comfast Cf-Wr6110N