Comfast CF-AC100 Command Injection Vulnerability

Vulnerability

A command injection vulnerability exists in the Comfast CF-AC100 access point running firmware version 2.6.0.8. The issue lies in the web management component, specifically in the function named 'sub_41DBC0'. Remote attackers can execute arbitrary commands by sending crafted HTTP POST requests to the '/cgi-bin/mbox-config?method=SET&section=ntp_timezone' endpoint. The 'timestr' parameter of the request body is not properly validated before it is used to build a command, so an attacker-supplied value is executed by the device.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the device.

Reproduction

To reproduce this vulnerability, authenticate to the Comfast CF-AC100 web interface and obtain a session cookie. Then send a POST request to '/cgi-bin/mbox-config?method=SET&section=ntp_timezone' with a JSON body whose 'timestr' value is crafted to inject and execute commands. The injected commands are executed with the privileges of the web server user.
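The advisory identifies the affected endpoint (POST to '/cgi-bin/mbox-config' with method=SET and section=ntp_timezone) and the unvalidated 'timestr' JSON field. The following added example, which is not part of the advisory and not the vendor's code, shows the two defensive checks a practitioner would want: an allow-list validator for 'timestr' (the expected "YYYY-MM-DD HH:MM:SS" format is an assumption, since the advisory does not state the field's format) and a request classifier that a WAF rule or log-review script could use to flag requests to the affected endpoint whose 'timestr' fails that allow-list. The sample requests at the bottom are constructed, not captured from a device.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Assumed expected format for 'timestr' (not stated in the advisory): "YYYY-MM-DD HH:MM:SS".
TIMESTR_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")

# Endpoint and query parameters named in the advisory.
AFFECTED_PATH = "/cgi-bin/mbox-config"


def is_ntp_timezone_set(url: str) -> bool:
    """True when the URL targets the affected endpoint with method=SET&section=ntp_timezone."""
    parts = urlsplit(url)
    if parts.path != AFFECTED_PATH:
        return False
    qs = parse_qs(parts.query)
    return qs.get("method") == ["SET"] and qs.get("section") == ["ntp_timezone"]


def timestr_is_safe(value) -> bool:
    """Allow-list check: accept only a plain timestamp, nothing more.

    fullmatch() means any extra byte (a separator, a trailing newline, a
    substitution sequence) makes the value fail, so the check does not need
    a deny-list of shell metacharacters that an attacker could work around.
    """
    return isinstance(value, str) and TIMESTR_RE.fullmatch(value) is not None


def inspect_request(method: str, url: str, body: str) -> dict:
    """Classify one HTTP request as touching the affected endpoint and/or suspicious."""
    verdict = {"affected_endpoint": False, "suspicious": False, "reason": ""}
    if method.upper() != "POST" or not is_ntp_timezone_set(url):
        return verdict
    verdict["affected_endpoint"] = True
    try:
        payload = json.loads(body)
    except ValueError:
        verdict.update(suspicious=True, reason="body is not valid JSON")
        return verdict
    value = payload.get("timestr") if isinstance(payload, dict) else None
    if value is None:
        verdict["reason"] = "no timestr in body"
    elif not timestr_is_safe(value):
        verdict.update(suspicious=True, reason="timestr fails allow-list")
    else:
        verdict["reason"] = "timestr well-formed"
    return verdict


# Constructed sample traffic (not captured from a real device): (method, URL, body).
# PLACEHOLDER stands in for whatever text an attacker would append; only the
# fact that the value is not a bare timestamp matters to the check.
SAMPLE_REQUESTS = [
    ("POST", "/cgi-bin/mbox-config?method=SET&section=ntp_timezone",
     '{"timestr": "2026-03-20 02:18:00"}'),
    ("POST", "/cgi-bin/mbox-config?method=SET&section=ntp_timezone",
     '{"timestr": "2026-03-20 02:18:00; PLACEHOLDER"}'),
    ("POST", "/cgi-bin/mbox-config?method=SET&section=ntp_timezone",
     '{"timestr": "2026-03-20 02:18:00\\n"}'),
    ("GET", "/cgi-bin/mbox-config?method=GET&section=ntp_timezone", ""),
    ("POST", "/cgi-bin/mbox-config?method=SET&section=wifi",
     '{"timestr": "x; y"}'),
]


def scan(requests=SAMPLE_REQUESTS):
    """Return the indexes of the requests that should raise an alert."""
    return [i for i, (m, u, b) in enumerate(requests) if inspect_request(m, u, b)["suspicious"]]


if __name__ == "__main__":
    for m, u, b in SAMPLE_REQUESTS:
        print(m, u, inspect_request(m, u, b))
```

The same allow-list check, applied on the device before 'timestr' is used, is the fix: a value that is not exactly a timestamp is rejected rather than passed to any command. Until patched firmware is available, restricting access to the management interface to trusted networks limits who can reach the endpoint at all.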

Added: Mar 20, 2026, 2:18 AM
Updated: Mar 20, 2026, 2:18 AM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          7.5
  exploitability  6.6
  remediation     0.0
  relevance       4.6
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.