MidnightBSD

Advisories for comfast_project

CVE-2022-47697

COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts.

Products Affected

Vendor Product Version
comfast_project cf-wr623n_firmware *
CVE-2022-47698

COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS) via the URL filtering feature in the router.

Products Affected

Vendor Product Version
comfast_project cf-wr623n_firmware 2.3.0.1
CVE-2022-47699

COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control.

Products Affected

Vendor Product Version
comfast_project cf-wr623n_firmware 2.3.0.1
CVE-2022-47700

COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication.

Products Affected

Vendor Product Version
comfast_project cf-wr623n_firmware *
CVE-2022-47701

COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS).

Products Affected

Vendor Product Version
comfast_project cf-wr623n_firmware 2.3.0.1