Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=wireless_device_dissoc. The manipulation results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Command injection in Comfast CF-AC100 2.6.0.8 wireless configuration endpoint allows unauthenticated remote attackers to execute arbitrary commands with elevated privileges through the /cgi-bin/mbox-config interface. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. The attack requires network access but no user interaction, making it readily exploitable in exposed deployments.
Technical ContextAI
The vulnerability is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component), which describes insufficient input sanitization allowing command injection attacks. The affected component is a CGI binary handler (/cgi-bin/mbox-config) in the Comfast CF-AC100 wireless router firmware version 2.6.0.8. The vulnerable function processes the 'method=SET§ion=wireless_device_dissoc' parameters without properly escaping shell metacharacters, allowing an attacker to inject shell commands that are executed in the context of the router's web server process. This is a classic OS command injection vulnerability where user-supplied input is passed unsanitized to system() or similar shell execution functions.
RemediationAI
No official patch is available from Comfast as the vendor did not respond to early disclosure. Organizations should consider replacing or retiring affected CF-AC100 units with alternative wireless routers from vendors with active security support. If continued use is mandatory, implement compensating controls: (1) Restrict network access to the CGI interface via firewall rules, allowing administrative access only from trusted IP ranges; (2) Disable remote management features if not required and ensure administrative access is limited to local network only; (3) Monitor router logs for suspicious CGI requests to /cgi-bin/mbox-config with unusual parameter values; (4) Implement network segmentation to isolate the router from critical systems. Until replacement, do not expose the management interface to untrusted networks.
Same technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-13515