A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phy_interface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to /cgi-bin/mbox-config?method=SET§ion=multi_pppoe. When the action parameter is set to "one_click_redial", the unsanitized phy_interface is used in a system() call, enabling execution of malicious commands. This can lead to unauthorized access to sensitive files, execution of arbitrary code, or full device compromise.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 18 Sep 2025 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phy_interface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to /cgi-bin/mbox-config?method=SET§ion=multi_pppoe. When the action parameter is set to "one_click_redial", the unsanitized phy_interface is used in a system() call, enabling execution of malicious commands. This can lead to unauthorized access to sensitive files, execution of arbitrary code, or full device compromise. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-09-18T20:41:46.775Z
Reserved: 2025-08-17T00:00:00.000Z
Link: CVE-2025-57293
Vulnrichment
No data.
NVD
Status : Received
Published: 2025-09-18T21:15:49.203
Modified: 2025-09-18T21:15:49.203
Link: CVE-2025-57293
Redhat
No data.
OpenCVE Enrichment
No data.