Comfast
By the Year
In 2026 there have been 11 vulnerabilities in Comfast with an average score of 5.6 out of ten. Comfast did not have any published security vulnerabilities last year. That is, 11 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 11 | 5.57 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 9.80 |
| 2023 | 2 | 7.10 |
It may take a day or so for new Comfast vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Comfast Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-12814 | Jun 21, 2026 | Comfast CF-WR631AX V3 2.7.0.8 API Endpoint OS Command Injection. A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=ping_config of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-6799 | Apr 21, 2026 | Command Injection in Comfast CF-N1-S 2.6.0.1 Endpoint cgi-bin/mbox-config. A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Endpoint. Performing a manipulation of the argument destination results in command injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-4468 | Mar 20, 2026 | Comfast CF-AC100 2.6.0.8 Remote Cmd Injection via /cgi-bin/mbox-config. A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET&section=update_interface_png. This manipulation causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-4467 | Mar 20, 2026 | Comfast CF-AC100 2.6.0.8 RCE via /cgi-bin/mbox-config command injection. A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=wireless_device_dissoc. The manipulation results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-4466 | Mar 20, 2026 | CMDINJ in Comfast CF-AC100 2.6.0.8 via /cgi-bin/mbox-config. A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-3798 | Mar 09, 2026 | Remote Command Injection in Comfast CF-AC100 2.6.0.8 Request Path Handler. A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-2824 | Feb 20, 2026 | Command Injection in Comfast CF-E7 2.6.0.9 Webmggnt Remote. A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-2823 | Feb 20, 2026 | CmdInj in Comfast CF-E7 2.6.0.9 webmggnt via timestr. A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-2537 | Feb 16, 2026 | Command Injection in Comfast CF-E4 2.6.0.1 HTTP POST Handler. A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. Such manipulation of the argument timestr leads to command injection. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-2535 | Feb 16, 2026 | Command Injection in Comfast CF-N1 V2 2.6.0.2 /cgi-bin/mbox-config. A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2026-2534 | Feb 16, 2026 | Command Injection in Comfast CF-N1 V2 2.6.0.2 /cgi-bin/mbox-config (bandwidth). A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2024-44466 | Sep 11, 2024 | COMFAST CF-XR11 v2.7.2 Command Injection via iface Parameter. COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface. | |
| CVE-2022-45725 | Feb 13, 2023 | RCE in Comfast CF-WR6110N V2.3.1 via HTTP POST (Input Validation). Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request. | |
| CVE-2022-45724 | Feb 13, 2023 | CVE-2022-45724: Unauthorized SESSION_ID via HTTP on Comfast CF-WR6110N V2.3.1. Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests. | |