Description
A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-09
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via command injection
Action: Apply Patch
AI Analysis

Impact

A command injection flaw exists in the sub_44AC14 function of the /cgi-bin/mbox-config endpoint on the Comfast CF‑AC100 router firmware 2.6.0.8. By manipulating the request path or query parameters, an attacker can inject arbitrary shell commands, resulting in remote code execution. The weakness is classified as CWE‑74 (URL Path Manipulation) and CWE‑77 (Command Injection).

Affected Systems

Comfast CF‑AC100 routers running firmware version 2.6.0.8 are affected. The vulnerability is tied to the /cgi-bin/mbox-config?method=SET&section=ping_config path handler.

Risk and Exploitability

The CVSS score is 5.1, indicating moderate severity. The EPSS is reported as less than 1 percent, implying a very low current exploitation probability, and the flaw is not listed in the CISA KEV catalog. Attackers can launch the exploit remotely by sending crafted HTTP requests to the vulnerable CGI endpoint. Public exploits are available, and the vendor has not issued a response or fix at the time of this report.

Generated by OpenCVE AI on April 16, 2026 at 10:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to a version that removes the vulnerable sub_44AC14 function or patches the command injection flaw.
  • If a firmware update is not available, restrict access to the /cgi-bin/mbox-config endpoint by implementing firewall rules or network segmentation to allow only trusted management IP addresses.
  • Apply input validation or configuration changes to prevent arbitrary shell command execution – for example, sanitize query parameters and enforce least‑privilege execution context.

Generated by OpenCVE AI on April 16, 2026 at 10:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Comfast cf-ac100 Firmware
CPEs cpe:2.3:h:encomfast:comfast_cf-ac100:-:*:*:*:*:*:*:*
cpe:2.3:o:encomfast:comfast_cf-ac100_firmware:2.6.0.8:*:*:*:*:*:*:*		 cpe:2.3:h:comfast:cf-ac100:-:*:*:*:*:*:*:*
cpe:2.3:o:comfast:cf-ac100_firmware:2.6.0.8:*:*:*:*:*:*:*
Vendors & Products Encomfast
Encomfast comfast Cf-ac100
Encomfast comfast Cf-ac100 Firmware
Comfast cf-ac100 Firmware

Tue, 10 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Encomfast
Encomfast comfast Cf-ac100
Encomfast comfast Cf-ac100 Firmware
CPEs cpe:2.3:h:encomfast:comfast_cf-ac100:-:*:*:*:*:*:*:*
cpe:2.3:o:encomfast:comfast_cf-ac100_firmware:2.6.0.8:*:*:*:*:*:*:*
Vendors & Products Encomfast
Encomfast comfast Cf-ac100
Encomfast comfast Cf-ac100 Firmware

Tue, 10 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Comfast
Comfast cf-ac100
Vendors & Products Comfast
Comfast cf-ac100

Mon, 09 Mar 2026 03:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Request Path Handler. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title Comfast CF-AC100 Request Path mbox-config sub_44AC14 command injection
Weaknesses CWE-74
CWE-77
References
Metrics cvssV2_0

{'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Comfast Cf-ac100 Cf-ac100 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-10T16:05:35.790Z

Reserved: 2026-03-08T11:25:38.263Z

Link: CVE-2026-3798

cve-icon Vulnrichment

Updated: 2026-03-10T16:05:32.368Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-09T04:16:02.397

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-3798

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T10:30:16Z

Weaknesses