| タイトル | Comfast (Shenzhen Four Seas Global Link Network Technology Co., CF-WR631AX V3 V2.7.0.8 OS Command Injection |
|---|
| 説明 | The Comfast CF-WR631AX V3 firmware V2.7.0.8 contains an unauthenticated OS command
injection vulnerability in the web management FastCGI backend (/usr/bin/webmgnt).
The system_wl_upload_pic_file handler (used for WiFi Portal image uploads) extracts
a user-supplied filename from the JSON POST body, splices it directly into a shell
command via sprintf(), and executes it through system() as root. No input validation,
character filtering, or shell escaping is performed at any point in the chain.
Attackers on the LAN (or WAN if remote management is exposed) can send a crafted HTTP
POST request with shell metacharacters in the filename field to execute arbitrary
commands with root privileges. |
|---|
| ソース | ⚠️ https://github.com/luminarydawn/cve/tree/main/Command%20Injection%20in%20Comfast%20CF-WR631AX%20V3%20%E2%80%94%20WiFi%20Portal%20Image%20Upload%20(CWE-78) |
|---|
| ユーザー | luminarydawn (UID 98723) |
|---|
| 送信 | 2026年06月03日 07:19 (1 月 ago) |
|---|
| モデレーション | 2026年07月12日 08:00 (1 month later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 377840 [Comfast CF-WR631AX V3 迄 2.7.0.8 FastCGI Backend /usr/bin/webmgnt system_wl_upload_pic_file filename 特権昇格] |
|---|
| ポイント | 20 |
|---|