GCVE - cpe:2.3:o:comfast:cf-n1_firmware:2.6.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:comfast:cf-n1_firmware:2.6.0:*:*:*:*:*:*:*

part: o version: 2.6.0 update: *

Vendor	Comfast (`73ca0fe3-d078-57b1-947c-03e714d28b3e`)
Product	Cf N1 Firmware (`c7f9b6f9-5679-548a-a3fa-2fe5d8f1ca84`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-9586`	vulnerable	2026-06-03 15:13:46.834246	Comfast CF-N1 webmgnt wireless_device_dissoc command injection MEDIUM (6.3) A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. Published: 2025-08-28T21:02:05.469Z Updated: 2025-08-29T13:29:07.586Z Open on db.gcve.eu Reference links https://vuldb.com/?id.321699 https://vuldb.com/?ctiid.321699 https://vuldb.com/?submit.636137 https://github.com/ZZ2266/.github.io/blob/main/COMFAST/N1V2/wireless_device_dissoc/readme.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-9585`	vulnerable	2026-06-03 15:13:46.833667	Comfast CF-N1 webmgnt wifilith_delete_pic_file command injection MEDIUM (6.3) A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Published: 2025-08-28T20:32:06.368Z Updated: 2025-08-29T13:27:44.109Z Open on db.gcve.eu Reference links https://vuldb.com/?id.321698 https://vuldb.com/?ctiid.321698 https://vuldb.com/?submit.636136 https://github.com/ZZ2266/.github.io/blob/main/COMFAST/N1V2/wifilith_delete_pic_file/readme.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-9584`	vulnerable	2026-06-03 15:13:46.833089	Comfast CF-N1 webmgnt update_interface_png command injection MEDIUM (6.3) A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function update_interface_png of the file /usr/bin/webmgnt. The manipulation of the argument interface/display_name results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. Published: 2025-08-28T20:02:08.649Z Updated: 2025-08-28T20:13:50.031Z Open on db.gcve.eu Reference links https://vuldb.com/?id.321697 https://vuldb.com/?ctiid.321697 https://vuldb.com/?submit.636131 https://github.com/ZZ2266/.github.io/blob/main/COMFAST/N1V2/update_interface_png/readme.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-9583`	vulnerable	2026-06-03 15:13:46.831004	Comfast CF-N1 webmgnt ping_config command injection MEDIUM (6.3) A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Published: 2025-08-28T20:02:06.456Z Updated: 2025-08-28T20:14:55.933Z Open on db.gcve.eu Reference links https://vuldb.com/?id.321696 https://vuldb.com/?ctiid.321696 https://vuldb.com/?submit.636130 https://github.com/ZZ2266/.github.io/tree/main/COMFAST/N1V2/ping_config	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-9582`	vulnerable	2026-06-03 15:13:46.830484	Comfast CF-N1 webmgnt ntp_timezone command injection MEDIUM (6.3) A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntp_timezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used. Published: 2025-08-28T19:32:07.054Z Updated: 2025-08-28T20:04:06.709Z Open on db.gcve.eu Reference links https://vuldb.com/?id.321695 https://vuldb.com/?ctiid.321695 https://vuldb.com/?submit.636128 https://github.com/ZZ2266/.github.io/tree/main/COMFAST/N1V2/ntp_timezone	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-9581`	vulnerable	2026-06-03 15:13:46.829177	Comfast CF-N1 webmgnt multi_pppoe command injection MEDIUM (6.3) A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. Published: 2025-08-28T19:02:10.432Z Updated: 2025-08-28T20:01:08.768Z Open on db.gcve.eu Reference links https://vuldb.com/?id.321694 https://vuldb.com/?ctiid.321694 https://vuldb.com/?submit.636127 https://github.com/ZZ2266/.github.io/tree/main/COMFAST/N1V2/multi_pppoe	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.