CVE-2026-12814 | Comfast CF-WR631AX V3 up to 2.7.0.8 API Endpoint mbox-config?section=ping_config system destination os command injection

A vulnerability marked as critical has been reported in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=ping_config of the component API Endpoint. This manipulation of the argument destination causes os command injection.

This vulnerability is tracked as CVE-2026-12814. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-12814 | Comfast CF-WR631AX V3 up to 2.7.0.8 API Endpoint mbox-config?section=ping_config system destination os command injection

Post correlati

CVE-2024-9372 | WP Blocks Hub Plugin up to 1.0.2 on WordPress SVG File Upload cross site scripting

CVE-2023-6134 | JBoss KeyCloak Incomplete Fix CVE-2020-10748 redirect_uri cross site scripting

CVE-2024-5735 | Nikola Vasilijevski AdmirorFrames up to 4.x on Joomla afHelper.php unknown vulnerability

CVE-2024-2012 | Hitachi Energy FOXMAN-UN/UNEM API Gateway authentication bypass