PT-2023-26645 · Comfast · Comfast Cf-Xr11
Tty
+1
·
Published
2023-08-15
·
Updated
2023-08-22
·
CVE-2023-38864
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
COMFAST CF-XR11 version 2.7.2
Description
An issue in COMFAST CF-XR11 allows an attacker to execute arbitrary code via the
protal delete picname parameter in the sub 41171C function at bin/webmgnt.Recommendations
For COMFAST CF-XR11 version 2.7.2, consider disabling the
sub 41171C function until a patch is available. Restrict access to the bin/webmgnt module to minimize the risk of exploitation. Avoid using the protal delete picname parameter in the affected API endpoint until the issue is resolved.Exploit
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Comfast Cf-Xr11