CVE-2026-3798 is a command injection vulnerability identified in the Comfast CF-AC100 wireless access point firmware version 2.6.0.8. The vulnerability resides in the CGI script endpoint /cgi-bin/mbox-config with the method=SET and section=ping_config parameters, specifically within the sub_44AC14 function responsible for processing ping configuration requests. Improper input validation allows an attacker to inject arbitrary OS commands remotely, which the device executes with elevated privileges. This flaw does not require user interaction but does require prior authentication (as indicated by PR:H in the CVSS vector), limiting exploitation to authenticated users. The vendor was notified early but has not issued any patches or advisories. The exploit code has been publicly disclosed, increasing the risk of exploitation. The vulnerability impacts the device's command execution integrity and could lead to unauthorized control, data manipulation, or disruption of network services. The CVSS 4.0 score of 5.1 reflects a medium severity, balancing the ease of exploitation with the requirement for authentication and limited confidentiality, integrity, and availability impacts. No known active exploitation has been reported yet, but the public exploit availability necessitates proactive defense measures.

If exploited, this vulnerability allows an authenticated attacker to execute arbitrary commands on the Comfast CF-AC100 device remotely. This can lead to unauthorized control over the device, enabling attackers to manipulate network configurations, intercept or redirect traffic, deploy malware, or cause denial of service. For organizations relying on these devices for wireless connectivity, this could compromise network integrity and availability, potentially exposing sensitive internal communications or disrupting business operations. The lack of vendor response and absence of patches increase the risk of exploitation, especially in environments where these devices are deployed in critical infrastructure or enterprise networks. The medium severity rating suggests moderate risk, but the impact could escalate if attackers chain this vulnerability with others or use it as a foothold for lateral movement within networks.

1. Immediately restrict access to the management interface of Comfast CF-AC100 devices to trusted networks and administrators only, preferably via VPN or secure management VLANs. 2. Disable or restrict the vulnerable /cgi-bin/mbox-config endpoint if possible, or implement strict input validation and filtering at network perimeter devices to block suspicious payloads targeting this CGI path. 3. Monitor device logs and network traffic for unusual command execution patterns or unauthorized configuration changes. 4. Employ network segmentation to isolate vulnerable devices from critical systems to limit potential lateral movement. 5. Regularly audit and update device firmware; although no patch is currently available, stay alert for vendor advisories or community-developed fixes. 6. Consider replacing affected devices with alternatives from vendors with active security support if remediation is not feasible. 7. Enforce strong authentication mechanisms and change default credentials to reduce risk of unauthorized access. 8. Implement intrusion detection/prevention systems (IDS/IPS) with signatures targeting command injection attempts on known vulnerable endpoints.