CVE Catalog

CVE-2026-12814

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.18%

64th percentile — higher than 64% of all known CVEs

Summary

A flaw has been found in Comfast CF-WR631AX V3 up to version 2.7.0.8 affecting the system function of the file /cgi-bin/mbox-config?section=ping_config. Manipulation of the argument destination leads to remote OS command injection.

Risk Assessment

An attacker can remotely exploit this vulnerability, posing a serious security threat to the system. The ability to inject commands may lead to full control over the device.

Recommendation

It is recommended to update the device to the latest firmware version to mitigate this vulnerability. Additionally, monitor network traffic for potential attack attempts.

Original NVD description (English source)

A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=ping_config of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS