Cf E7 Firmware

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-2824 MEDIUM POC This Month

Cf-E7 Firmware versions up to 2.6.0.9 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection Cf E7 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.3%
CVE-2026-2823 MEDIUM POC This Month

Command injection in Comfast CF-E7 firmware versions 2.6.0.9 and earlier allows remote authenticated attackers to execute arbitrary commands through the timestr parameter in the NTP timezone configuration function. Public exploit code exists for this vulnerability, and the vendor has not provided patches despite early notification. An attacker with valid credentials can achieve remote code execution with medium impact on confidentiality, integrity, and availability.

Command Injection Cf E7 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.3%
CVE-2026-2824
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Cf-E7 Firmware versions up to 2.6.0.9 contains a vulnerability that allows attackers to command injection (CVSS 6.3).

Command Injection Cf E7 Firmware
NVD GitHub VulDB
CVE-2026-2823
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Command injection in Comfast CF-E7 firmware versions 2.6.0.9 and earlier allows remote authenticated attackers to execute arbitrary commands through the timestr parameter in the NTP timezone configuration function. Public exploit code exists for this vulnerability, and the vendor has not provided patches despite early notification. An attacker with valid credentials can achieve remote code execution with medium impact on confidentiality, integrity, and availability.

Command Injection Cf E7 Firmware
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy