Vulnerability Description
A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phy_interface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to /cgi-bin/mbox-config?method=SET&section=multi_pppoe. When the action parameter is set to "one_click_redial", the unsanitized phy_interface is used in a system() call, enabling execution of malicious commands. This can lead to unauthorized access to sensitive files, execution of arbitrary code, or full device compromise.
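As an added illustration (not code from the CF-XR11 firmware or the referenced advisory), a hypothetical hardened handler for the pattern the description names: the phy_interface value is checked against an allowlist of characters an interface name can legitimately contain, and the redial helper is started through execve() with an argv rather than a shell string. The helper path /sbin/pppoe-redial and the function names are assumptions.

```c
/* Added example, not vendor code. Hardened sketch of a "one_click_redial"
 * handler: the request value is validated before use and the helper is run
 * via execve() with an argv, so nothing from the request is parsed by a shell.
 * The helper path below is assumed. */
#include <ctype.h>
#include <stdbool.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define IFNAME_MAX 15 /* IFNAMSIZ - 1 on Linux */

/* Accept only what a physical interface name can contain: a leading letter,
 * then letters, digits, '.', '_' or '-'. Whitespace, shell metacharacters,
 * quotes and newlines are all rejected by construction. */
bool is_valid_ifname(const char *s)
{
    if (s == NULL || !isalpha((unsigned char)s[0]))
        return false;
    size_t n = strlen(s);
    if (n > IFNAME_MAX)
        return false;
    for (size_t i = 1; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return false;
    }
    return true;
}

/* Replacement for the system("... <phy_interface>") pattern. Returns the
 * helper's exit status, or -1 if the name was rejected or the helper could
 * not be started. No command string is ever built from the request value. */
int one_click_redial(const char *phy_interface)
{
    if (!is_valid_ifname(phy_interface))
        return -1; /* reject early; the value never reaches a shell */
    char *const argv[] = { "/sbin/pppoe-redial", (char *)phy_interface, NULL }; /* path assumed */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(argv[0], argv, NULL); /* argv passes the name verbatim, no shell */
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```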
CVSS Score
8.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Comfast | Cf-Xr11 Firmware | 2.7.2 |
| Comfast | Cf-Xr11 | - |
Related Weaknesses (CWE)
References
- https://github.com/ZZ2266/.github.io/blob/main/comfast/multi_pppoe.markdown (Exploit, Third Party Advisory)
FAQ
What is CVE-2025-57293?
CVE-2025-57293 is a vulnerability with a CVSS score of 8.8 (HIGH). A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phy_interface parameter is not sanit...
How severe is CVE-2025-57293?
CVE-2025-57293 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-57293?
Check the references section above for vendor advisories and patch information. Affected products include: Comfast Cf-Xr11 Firmware, Comfast Cf-Xr11.