Sn0Ox

#18915 of 53,624
14.2 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2023-14736
5.4
2023-02-13
Comfast · Comfast Cf-Wr6110N · CVE-2022-45724
**Name of the Vulnerable Software and Affected Versions**
Comfast router CF-WR6110N version 2.3.1

**Description**
The issue allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page, forcing the server to generate a `SESSION ID`. Using this `SESSION ID`, an attacker can then perform authenticated requests.

**Recommendations**
For Comfast router CF-WR6110N version 2.3.1, consider restricting access to unauthenticated pages to prevent the generation of a `SESSION ID` until a patch is available. As a temporary workaround, disabling the use of `SESSION ID` for authentication may help minimize the risk of exploitation.

PT-2023-14737
8.8
2023-02-13
Comfast · Comfast Cf-Wr6110N · CVE-2022-45725
**Name of the Vulnerable Software and Affected Versions**
Comfast router CF-WR6110N version 2.3.1

**Description**
The issue is related to improper input validation, allowing a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request.

**Recommendations**
For Comfast router CF-WR6110N version 2.3.1, update to a newer version that addresses the improper input validation issue to prevent remote code execution.