PT-2023-26644 · Comfast · Comfast Cf-Xr11
Tty
+1
·
Published
2023-08-15
·
Updated
2023-08-22
·
CVE-2023-38863
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
COMFAST CF-XR11 version 2.7.2
Description
An issue in the software allows an attacker to execute arbitrary code via the
ifname and mac parameters in the sub 410074 function at bin/webmgnt.Recommendations
For COMFAST CF-XR11 version 2.7.2, consider disabling the
sub 410074 function as a temporary workaround until a patch is available. Restrict access to the bin/webmgnt module to minimize the risk of exploitation. Avoid using the ifname and mac parameters in the affected function until the issue is resolved.Exploit
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Comfast Cf-Xr11