Vulnerability Details CVE-2023-38866
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and display_name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.5%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-38866
-
cpe:2.3:h:comfast:cf-xr11:-
-
cpe:2.3:o:comfast:cf-xr11_firmware:2.7.2