Access Control Flaw in Comfast CF-WR6110N Router Allows Unauthorized Requests
CVE-2022-45724

5.4MEDIUM

Key Information:

Vendor: Comfast
Status: Cf-wr610n Firmware
Vendor: CVE Published:; 13 February 2023

What is CVE-2022-45724?

The Comfast CF-WR6110N router version V2.3.1 suffers from an incorrect access control vulnerability, enabling remote attackers within the same network to exploit unauthenticated pages. This flaw allows them to generate a SESSION_ID, which can be used to perform authenticated requests. Malicious users can leverage this weakness to gain unauthorized access to sensitive functions of the router, posing significant security risks.

References

http://cf-wr6110n.com

http://comfast.com

http://sn0ox.com/research/2023/02/05/CVE-COMFAST-CF-WR610...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2023
Vulnerability Reserved
Nov 21, 2022

CVE-2022-45724 Data

JSON