Product
A critical remote OS command injection vulnerability, CVE-2026-15511, affects Comfast CF-WR631AX V3 WiFi routers, allowing unauthenticated remote attackers to execute arbitrary operating system commands by manipulating the 'filename' argument in the FastCGI Backend's file upload function, leading to full device compromise.