Skip to main content

Comfast CF-AC100 CVE-2026-4467

| EUVDEUVD-2026-13515 LOW
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2026-03-20 cna@vuldb.com
2.0
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.0 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

6
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.1 (MEDIUM) 2.0 (LOW)
CVSS changed
Apr 22, 2026 - 21:37 NVD
4.7 (MEDIUM) 5.1 (MEDIUM)
EUVD ID Assigned
Mar 20, 2026 - 08:37 euvd
EUVD-2026-13515
Analysis Generated
Mar 20, 2026 - 08:37 vuln.today
CVE Published
Mar 20, 2026 - 03:16 nvd
MEDIUM 4.7

DescriptionCVE.org

A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=wireless_device_dissoc. The manipulation results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Command injection in Comfast CF-AC100 2.6.0.8 wireless configuration endpoint allows unauthenticated remote attackers to execute arbitrary commands with elevated privileges through the /cgi-bin/mbox-config interface. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early notification. The attack requires network access but no user interaction, making it readily exploitable in exposed deployments.

Technical ContextAI

The vulnerability is classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component), which describes insufficient input sanitization allowing command injection attacks. The affected component is a CGI binary handler (/cgi-bin/mbox-config) in the Comfast CF-AC100 wireless router firmware version 2.6.0.8. The vulnerable function processes the 'method=SET&section=wireless_device_dissoc' parameters without properly escaping shell metacharacters, allowing an attacker to inject shell commands that are executed in the context of the router's web server process. This is a classic OS command injection vulnerability where user-supplied input is passed unsanitized to system() or similar shell execution functions.

RemediationAI

No official patch is available from Comfast as the vendor did not respond to early disclosure. Organizations should consider replacing or retiring affected CF-AC100 units with alternative wireless routers from vendors with active security support. If continued use is mandatory, implement compensating controls: (1) Restrict network access to the CGI interface via firewall rules, allowing administrative access only from trusted IP ranges; (2) Disable remote management features if not required and ensure administrative access is limited to local network only; (3) Monitor router logs for suspicious CGI requests to /cgi-bin/mbox-config with unusual parameter values; (4) Implement network segmentation to isolate the router from critical systems. Until replacement, do not expose the management interface to untrusted networks.

Share

CVE-2026-4467 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy