CVE-2026-2823 | Comfast CF-E7 2.6.0.9 webmggnt mbox-config?method=SET§ion=ntp_timezone sub_41ACCC timestr command injection
A vulnerability classified as critical has been found in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET§ion=ntp_timezone of the component webmggnt. Performing a manipulation of the argument timestr results in command injection.
This vulnerability is reported as CVE-2026-2823. The attack is possible to be carried out remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More