Comfast Cf-N1 vulnerabilities
6 known vulnerabilities affecting comfast/cf-n1.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH4
Vulnerabilities
Page 1 of 1
CVE-2025-9584P2HIGHCVSS 8.8v2.6.02025-08-28
CVE-2025-9584 [HIGH] CWE-74 CVE-2025-9584: A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function update_inte
A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function update_interface_png of the file /usr/bin/webmgnt. The manipulation of the argument interface/display_name results in command injection. The attack can be executed remotely. The exploit has been made public and could be used.
nvd
CVE-2025-9581P2CRITICALCVSS 9.8v2.6.02025-08-28
CVE-2025-9581 [CRITICAL] CWE-74 CVE-2025-9581: A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the fi
A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. The attack may be initiated remotely. The exploit is now public and may be used.
nvd
CVE-2025-9583P2HIGHCVSS 8.8v2.6.02025-08-28
CVE-2025-9583 [HIGH] CWE-74 CVE-2025-9583: A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the functio
A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
nvd
CVE-2025-9586P2HIGHCVSS 8.8v2.6.02025-08-28
CVE-2025-9586 [HIGH] CWE-74 CVE-2025-9586: A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wirel
A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available and might be used.
nvd
CVE-2025-9582P2CRITICALCVSS 9.8v2.6.02025-08-28
CVE-2025-9582 [CRITICAL] CWE-74 CVE-2025-9582: A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntp_timezone of the file /usr
A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntp_timezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used.
nvd
CVE-2025-9585P2HIGHCVSS 8.8v2.6.02025-08-28
CVE-2025-9585 [HIGH] CWE-74 CVE-2025-9585: A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic
A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
nvd