제출 #846719: Comfast (Shenzhen Four Seas Global Link Network Technology Co., CF-WR631AX V3 V2.7.0.8 OS Command Injection정보

제목Comfast (Shenzhen Four Seas Global Link Network Technology Co., CF-WR631AX V3 V2.7.0.8 OS Command Injection
설명The Comfast CF-WR631AX V3 firmware V2.7.0.8 contains an unauthenticated OS command injection vulnerability in the web management FastCGI backend (/usr/bin/webmgnt). The system_wl_upload_pic_file handler (used for WiFi Portal image uploads) extracts a user-supplied filename from the JSON POST body, splices it directly into a shell command via sprintf(), and executes it through system() as root. No input validation, character filtering, or shell escaping is performed at any point in the chain. Attackers on the LAN (or WAN if remote management is exposed) can send a crafted HTTP POST request with shell metacharacters in the filename field to execute arbitrary commands with root privileges.
원천⚠️ https://github.com/luminarydawn/cve/tree/main/Command%20Injection%20in%20Comfast%20CF-WR631AX%20V3%20%E2%80%94%20WiFi%20Portal%20Image%20Upload%20(CWE-78)
사용자
 luminarydawn (UID 98723)
제출2026. 06. 03. AM 07:19 (1 월 ago)
모더레이션2026. 07. 12. AM 08:00 (1 month later)
상태수락
VulDB 항목377840 [Comfast CF-WR631AX V3 까지 2.7.0.8 FastCGI Backend /usr/bin/webmgnt system_wl_upload_pic_file filename 권한 상승]
포인트들20

Do you want to use VulDB in your project?

Use the official API to access entries easily!