Comfast Cf-xr11 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Comfast Cf-xr11 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2023-38862 — CVSS 9.8 (critical): An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in…
CVE-2023-38863 — CVSS 9.8 (critical): An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074…
CVE-2023-38864 — CVSS 9.8 (critical): An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C…
CVE-2023-38865 — CVSS 9.8 (critical): COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to…
CVE-2023-38866 — CVSS 9.8 (critical): COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Attackers can send POST request messages to…
CVE-2024-44466 — CVSS 9.8 (critical): COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to…
CVE-2025-57293 — CVSS 8.8 (high): A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function…