{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4466", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-19T20:32:14.918Z", "datePublished": "2026-03-20T02:02:17.642Z", "dateUpdated": "2026-03-20T02:02:17.642Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-20T02:02:17.642Z"}, "title": "Comfast CF-AC100 mbox-config command injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "Command Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "Comfast", "product": "CF-AC100", "versions": [{"version": "2.6.0.8", "status": "affected"}], "cpes": ["cpe:2.3:o:comfast:cf-ac100_firmware:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-19T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-19T21:37:26.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "allanp0e (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/?id.351756", "name": "VDB-351756 | Comfast CF-AC100 mbox-config command injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.351756", "name": "VDB-351756 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.772874", "name": "Submit #772874 | Comfast CF-AC100 V2.6.0.8 Command Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/jinhao118/cve/blob/main/ComFast%20CF-AC100-V2.6.0.8_2.md", "tags": ["exploit"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-4466", "lastModified": "2026-03-20T13:37:50.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-20T02:16:40.313", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/jinhao118/cve/blob/main/ComFast%20CF-AC100-V2.6.0.8_2.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.351756"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.351756"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.772874"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-77"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.6.0.8"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "CF-AC100", "source": "cna", "vendor": "Comfast"}, "product": "cf-ac100", "vendor": "comfast"}], "analysis": {"en": {"generated_at": "2026-03-20T03:20:31.755513+00:00", "value": {"mitigation_remediation": ["Check for and install the latest Comfast firmware update that addresses the command injection issue", "If no update is available, restrict access to the /cgi-bin/mbox-config endpoint by configuring firewall or ACL rules to allow only trusted IPs", "Monitor access logs for suspicious requests to /cgi-bin/mbox-config and investigate anomalies promptly"], "summary": {"action": "Apply Patch", "impact": "Command Injection (Remote Execution)"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Comfast CF-AC100 devices running firmware 2.6.0.8. No other version information is provided in the CNA data.", "description_and_impact": "A command injection vulnerability exists in the Comfast CF-AC100 firmware 2.6.0.8 when the /cgi-bin/mbox-config endpoint is called with method=SET and section=ntp_timezone. The flaw allows an attacker to inject arbitrary shell commands, leading to remote code execution. It is classified under CWE-74 and CWE-77.", "risk_and_exploitability": "The CVSS score is 5.1, indicating moderate severity. EPSS data is not available, and the vulnerability is not currently listed in CISA\u2019s KEV catalog. Exploitation is possible over the network via the web interface, so the attack vector is remote. Because the exploit code is publicly disclosed, attackers may attempt to compromise affected devices without additional conditions. The risk persists until a vendor patch or mitigated configuration is applied."}}}}, "created": "2026-03-20T08:53:08.055105+00:00", "updated": "2026-03-20T10:37:52.094912+00:00", "vendors": ["comfast", "comfast$PRODUCT$cf-ac100"]}