comfast CVE Vulnerabilities & Metrics

Focus on comfast vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About comfast Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with comfast. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total comfast CVEs: 8
Earliest CVE date: 13 Feb 2023, 14:15 UTC
Latest CVE date: 11 Sep 2024, 16:15 UTC

Latest CVE reference: CVE-2024-44466

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -80.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -80.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical comfast CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	8
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS comfast CVEs

These are the five CVEs with the highest CVSS scores for comfast, sorted by severity first and recency.

CVE-2024-44466 comfast Published on 11 Sep 2024, 16:15 UTC (CVSS: 0)
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.
CVE-2023-38866 comfast Published on 15 Aug 2023, 20:15 UTC (CVSS: 0)
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and display_name.
CVE-2023-38864 comfast Published on 15 Aug 2023, 20:15 UTC (CVSS: 0)
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt.
CVE-2023-38865 comfast Published on 15 Aug 2023, 19:15 UTC (CVSS: 0)
COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr.
CVE-2023-38863 comfast Published on 15 Aug 2023, 19:15 UTC (CVSS: 0)
An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.

All CVEs for comfast

CVE-2024-44466 comfast vulnerability CVSS: 0 11 Sep 2024, 16:15 UTC

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.

CVE-2023-38866 comfast vulnerability CVSS: 0 15 Aug 2023, 20:15 UTC

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter interface and display_name.

CVE-2023-38864 comfast vulnerability CVSS: 0 15 Aug 2023, 20:15 UTC

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt.

CVE-2023-38865 comfast vulnerability CVSS: 0 15 Aug 2023, 19:15 UTC

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr.

CVE-2023-38863 comfast vulnerability CVSS: 0 15 Aug 2023, 19:15 UTC

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.

CVE-2023-38862 comfast vulnerability CVSS: 0 15 Aug 2023, 19:15 UTC

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt.

CVE-2022-45725 comfast vulnerability CVSS: 0 13 Feb 2023, 14:15 UTC

Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request

CVE-2022-45724 comfast vulnerability CVSS: 0 13 Feb 2023, 14:15 UTC

Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests.