Curryraid

**Name of the Vulnerable Software and Affected Versions** COMFAST CF-XR11 version 2.7.2 **Description** The issue is a command injection vulnerability in the function `sub 424CB4`. Attackers can exploit this by sending POST request messages to the "/usr/bin/webmgnt" API endpoint and injecting commands into the `iface` parameter. **Recommendations** For COMFAST CF-XR11 version 2.7.2, as a temporary workaround, consider restricting access to the "/usr/bin/webmgnt" API endpoint to minimize the risk of exploitation. Avoid using the `iface` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.