VYPR

Cf N1 Firmware

by Comfast

CVEs (8)

  • CVE-2026-2535MedFeb 16, 2026
    risk 0.41cvss 6.3epss 0.12

    A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel. The manipulation of the argument channel results in command injection. The attack can be launched remotely.…

  • CVE-2026-2534MedFeb 16, 2026
    risk 0.41cvss 6.3epss 0.12

    A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated…

  • CVE-2025-9586MedAug 28, 2025
    risk 0.41cvss 6.3epss 0.08

    A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit…

  • CVE-2025-9585MedAug 28, 2025
    risk 0.41cvss 6.3epss 0.05

    A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The…

  • CVE-2025-9584MedAug 28, 2025
    risk 0.41cvss 6.3epss 0.08

    A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function update_interface_png of the file /usr/bin/webmgnt. The manipulation of the argument interface/display_name results in command injection. The attack can be executed remotely. The exploit has…

  • CVE-2025-9583MedAug 28, 2025
    risk 0.41cvss 6.3epss 0.05

    A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the…

  • CVE-2025-9582MedAug 28, 2025
    risk 0.41cvss 6.3epss 0.05

    A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntp_timezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used.

  • CVE-2025-9581MedAug 28, 2025
    risk 0.41cvss 6.3epss 0.05

    A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. The attack may be initiated remotely. The exploit is now public and may be…