CVE-2026-12814

Name of the Vulnerable Software and Affected Versions Comfast CF-WR631AX V3 versions prior to 2.7.0.8

Description A remote OS command injection flaw exists in the API Endpoint component. The issue occurs within the system function of the '/cgi-bin/mbox-config?section=ping config' endpoint when the destination argument is manipulated. This allows a remote attacker to execute arbitrary operating system commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.