
Cf E4 Firmware

1 CVEs product


CVE-2026-2537 LOW POC Monitor

Command injection in Comfast CF-E4 2.6.0.1 firmware allows remote attackers with high privileges to execute arbitrary commands through the timestr parameter in the NTP timezone configuration endpoint. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early disclosure notification. The attack requires network access and high-level authentication but carries a low CVSS score due to limited scope of impact.

Command Injection Cf E4 Firmware
NVD GitHub VulDB
CVSS 4.0: 2.0
EPSS: 0.2%
