PT-2023-14736 · Comfast · Comfast Cf-Wr6110N

Sn0Ox · Published 2023-02-13 · Updated 2025-03-24 · CVE-2022-45724

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Comfast router CF-WR6110N version 2.3.1

Description: The issue allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page, forcing the server to generate a SESSION ID. Using this SESSION ID, an attacker can then perform authenticated requests.

Recommendations: For Comfast router CF-WR6110N version 2.3.1, consider restricting access to unauthenticated pages to prevent the generation of a SESSION ID until a patch is available. As a temporary workaround, disabling the use of SESSION ID for authentication may help minimize the risk of exploitation.

Exploit

Fix

Improper Authentication


Weakness Enumeration

Related Identifiers

CVE-2022-45724

Affected Products

Comfast Cf-Wr6110N