Cf E4 Firmware

1 CVE for this product

CVE-2026-2537 MEDIUM POC This Month

Command injection in Comfast CF-E4 2.6.0.1 firmware allows remote attackers with high privileges to execute arbitrary commands through the timestr parameter in the NTP timezone configuration endpoint. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early disclosure notification. The attack requires network access and high-level authentication but carries a low CVSS score due to limited scope of impact.

Command Injection Cf E4 Firmware
NVD GitHub VulDB
CVSS 3.1: 4.7
EPSS: 0.2%