CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-44466

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.19

EPSS Ranking 95.1%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/CurryRaid/iot_vul/tree/main/comfast

Products affected by CVE-2024-44466

Comfast » Cf-Xr11 » Version: N/A

cpe:2.3:h:comfast:cf-xr11:-
Comfast » Cf-Xr11 Firmware » Version: 2.7.2

cpe:2.3:o:comfast:cf-xr11_firmware:2.7.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-44466

Products

Pricing

Contact Us