Description
A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-20
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Command Injection (Remote Execution)
Action: Apply Patch
AI Analysis

Impact

A command injection vulnerability exists in the Comfast CF-AC100 firmware 2.6.0.8 when the /cgi-bin/mbox-config endpoint is called with method=SET and section=ntp_timezone. The flaw allows an attacker to inject arbitrary shell commands, leading to remote code execution. It is classified under CWE-74 and CWE-77.

Affected Systems

The vulnerability affects Comfast CF-AC100 devices running firmware 2.6.0.8. No other version information is provided in the CNA data.

Risk and Exploitability

The CVSS score is 5.1, indicating medium severity. EPSS data is not available, and the vulnerability is not currently listed in CISA’s KEV catalog. Exploitation is possible over the network via the web interface, so the attack vector is remote. The published CVSS vectors rate the required privileges as high (PR:H), so an attacker needs a privileged account on the device rather than anonymous access. Because the exploit has been publicly disclosed, attackers who meet that condition may attempt to compromise affected devices. The risk persists until a vendor patch or mitigating configuration is applied.

Generated by OpenCVE AI on March 20, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for and install the latest Comfast firmware update that addresses the command injection issue
  • If no update is available, restrict access to the /cgi-bin/mbox-config endpoint by configuring firewall or ACL rules to allow only trusted IPs
  • Monitor access logs for suspicious requests to /cgi-bin/mbox-config and investigate anomalies promptly

Advisories

No advisories yet.

History

Fri, 20 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Mar 2026 09:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Comfast cf-ac100
Vendors & Products | | Comfast cf-ac100

Fri, 20 Mar 2026 02:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Comfast CF-AC100 mbox-config command injection
First Time appeared | | Comfast; Comfast cf-ac100 Firmware
Weaknesses | | CWE-74; CWE-77
CPEs | | cpe:2.3:o:comfast:cf-ac100_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Comfast; Comfast cf-ac100 Firmware
References | |
Metrics | | cvssV2_0: {'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-20T18:08:46.660Z

Reserved: 2026-03-19T20:32:14.918Z

Link: CVE-2026-4466

Vulnrichment

Updated: 2026-03-20T17:56:58.721Z

NVD

Status: Awaiting Analysis

Published: 2026-03-20T02:16:40.313

Modified: 2026-03-20T13:37:50.737

Link: CVE-2026-4466

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T10:37:52Z

Weaknesses