CVE-2022-45725
HIGHComfast CF-WR610N Firmware V2.3.1 - Remote Code Execution via HTTP POST Request
Title source: llmDescription
Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request
References (3)
Core 3
Core References
Broken Link
http://cf-wr6110n.com
Broken Link
http://comfast.com
Exploit, Third Party Advisory
http://sn0ox.com/research/2023/02/05/CVE-COMFAST-CF-WR610N.html
Scores
CVSS v3
8.8
EPSS
0.0877
EPSS Percentile
94.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (1)
comfast/cf-wr610n_firmware
2.3.1
Published
Feb 13, 2023
Tracked Since
Feb 18, 2026