CVE-2026-2823 | Comfast CF-E7 2.6.0.9 webmggnt mbox-config?method=SET&section=ntp_timezone sub_41ACCC timestr command injection

A vulnerability classified as critical has been found in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection.

This vulnerability is reported as CVE-2026-2823. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2823 | Comfast CF-E7 2.6.0.9 webmggnt mbox-config?method=SET&section=ntp_timezone sub_41ACCC timestr command injection

Post correlati

CVE-2024-47866 | Ceph RGW Module denial of service

CVE-2024-26931 | Linux Kernel up to 6.9-rc1 qla2xxx null pointer dereference

CVE-2024-47363 | Blockspare Plugin up to 3.2.4 on WordPress During Web Page cross site scripting

CVE-2024-54047 | Adobe Connect up to 11.4.7/12.6 cross site scripting (apsb24-99)