Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2026-15511: OS Command Injection in Comfast CF-WR631AX V3

0
Critical
VulnerabilityCVE-2026-15511cvecve-2026-15511
Published: 07/12/2026 (07/12/2026, 23:00:09 UTC)
Source: CVE Database V5
Vendor/Project: Comfast
Product: CF-WR631AX V3

Description

CVE-2026-15511 is a critical OS command injection vulnerability in the Comfast CF-WR631AX V3 router firmware versions 2.7.0.0 through 2.7.0.8. The flaw exists in the FastCGI backend component, specifically in the system_wl_upload_pic_file function of /usr/bin/webmgnt, where improper handling of the filename argument allows remote attackers to execute arbitrary OS commands. The vulnerability is remotely exploitable without authentication. The vendor has not responded to disclosure requests and no official patch or remediation is currently available. The exploit details have been publicly disclosed.

CVSS v4.0

Score 9.3critical

Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
None
Vuln. Confidentiality
High
Vuln. Integrity
High
Vuln. Availability
High
Subsq. Confidentiality
None
Subsq. Integrity
None
Subsq. Availability
None
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Affected software

Affected versions
=2.7.0.0=2.7.0.1=2.7.0.2=2.7.0.3=2.7.0.4=2.7.0.5=2.7.0.6=2.7.0.7=2.7.0.8>=2.7.0.0 <=2.7.0.8
CPE configurations
cpe:2.3:a:comfast:cf-wr631ax_v3:*:*:*:*:*:*:*:*

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/12/2026, 23:32:30 UTC

Technical Analysis

This vulnerability affects Comfast CF-WR631AX V3 firmware versions 2.7.0.0 to 2.7.0.8. The issue lies in the system_wl_upload_pic_file function within the FastCGI backend (/usr/bin/webmgnt), where manipulation of the filename argument leads to OS command injection. This allows an unauthenticated remote attacker to execute arbitrary commands on the device. The vulnerability has a CVSS 4.0 score of 9.3 (critical) indicating high impact and ease of exploitation. The vendor was contacted but did not provide any response or patch. No official remediation or fix is currently documented.

Potential Impact

Successful exploitation allows unauthenticated remote attackers to execute arbitrary operating system commands on the affected device, potentially leading to full compromise of the router. This can result in unauthorized control, data interception, or disruption of network services. The vulnerability is critical due to its remote, unauthenticated nature and high impact on confidentiality, integrity, and availability.

Mitigation Recommendations

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded or released a fix, users should consider mitigating exposure by restricting network access to the device's management interface, disabling remote management if possible, or isolating the device until a patch is available. Monitor vendor channels for updates and apply official patches immediately once released.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Data Version
5.2
Assigner Short Name
VulDB
Date Reserved
2026-07-12T06:00:12.846Z
Cvss Version
4.0
State
PUBLISHED
Remediation Level
null

Threat ID: 6a5420ac68715ace438db1d8

Added to database: 07/12/2026, 23:18:04 UTC

Last enriched: 07/12/2026, 23:32:30 UTC

Last updated: 07/13/2026, 01:02:16 UTC

Views: 23

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses