CVE-2026-2824 | Comfast CF-E7 2.6.0.9 webmggnt mbox-config?method=SET&section=ping_config sub_441CF4 destination command injection

Inserito da Angelo Barbosa | Feb 19, 2026 | CVE

A vulnerability classified as critical was found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component webmggnt. Executing a manipulation of the argument destination can lead to command injection.

This vulnerability appears as CVE-2026-2824. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2824 | Comfast CF-E7 2.6.0.9 webmggnt mbox-config?method=SET&section=ping_config sub_441CF4 destination command injection

Post correlati

CVE-2025-8729 | MigoXLab LMeterX 1.2.0 upload_service.py process_cert_files task_id path traversal (Issue 10)

CVE-2024-45327 | Fortinet FortiSOAR up to 7.0.3/7.2.2/7.3.2/7.4.3 Change Password Endpoint excessive authentication (FG-IR-24-048)

CVE-2023-44031 | Reprise License Manager 15.1 HTTP POST Request /diagnostics_doit outputfile access control

CVE-2024-44087 | Siemens Automation License Manager up to 5.x/6.2 Upd2 TCP Port 4410 integer overflow (ssa-103653)