LOW
Comfast
CVE published 2026-06-21
CVE-2026-12814
CVE-2026-12814 is a low-severity command injection vulnerability in Comfast CF-WR631AX V3 routers up to version 2.7.0.8. The vulnerability affects the /cgi-bin/mbox-config?section=ping_config API endpoint, allowing remote attackers to inject OS commands via the 'destination' argument. The CVSS score is 2.1, indicating a low severity. The exploit has been published, but the vendor did not respond to the di [truncated]