CVE-2026-15511

CRITICAL

Comfast CF-WR631AX V3 FastCGI Backend webmgnt system_wl_upload_pic_file os command injection

Title source: cna
STIX 2.1

Description

A vulnerability was determined in Comfast CF-WR631AX V3 up to 2.7.0.8. Affected by this vulnerability is the function system_wl_upload_pic_file of the file /usr/bin/webmgnt of the component FastCGI Backend. This manipulation of the argument filename causes os command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Core 5
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-377840 | Comfast CF-WR631AX V3 FastCGI Backend webmgnt system_wl_upload_pic_file os command injection
https://vuldb.com/vuln/377840
Signature, Permissions Required signature permissions-required
VDB-377840 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/377840/cti
Third Party Advisory third-party-advisory
CVE-2026-15511 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-15511
Third Party Advisory third-party-advisory
Submit #846719 | Comfast (Shenzhen Four Seas Global Link Network Technology Co., CF-WR631AX V3 V2.7.0.8 OS Command Injection
https://vuldb.com/submit/846719

Scores

CVSS v3 9.8
EPSS 0.0269
EPSS Percentile 84.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-77 CWE-78
Status published
Products (9)
Comfast/CF-WR631AX V3 2.7.0.0
Comfast/CF-WR631AX V3 2.7.0.1
Comfast/CF-WR631AX V3 2.7.0.2
Comfast/CF-WR631AX V3 2.7.0.3
Comfast/CF-WR631AX V3 2.7.0.4
Comfast/CF-WR631AX V3 2.7.0.5
Comfast/CF-WR631AX V3 2.7.0.6
Comfast/CF-WR631AX V3 2.7.0.7
Comfast/CF-WR631AX V3 2.7.0.8
Published Jul 12, 2026
Tracked Since Jul 13, 2026