GCVE - cpe:2.3:h:comfast:cf-n1:2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:comfast:cf-n1:2:*:*:*:*:*:*:*

part: h version: 2 update: *

Vendor	Comfast (`73ca0fe3-d078-57b1-947c-03e714d28b3e`)
Product	Cf N1 (`1e5d48b5-0031-505b-bde9-96985122396d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-2535`	not_vulnerable	2026-06-03 15:19:24.449696	Comfast CF-N1 V2 mbox-config sub_44AB9C command injection MEDIUM (6.3) A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel. The manipulation of the argument channel results in command injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-02-16T04:32:06.965Z Updated: 2026-02-23T10:05:37.645Z Open on db.gcve.eu Reference links https://vuldb.com/?id.346123 https://vuldb.com/?ctiid.346123 https://vuldb.com/?submit.748784 https://github.com/jinhao118/cve/blob/main/ComFast%20Router_2.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-2534`	not_vulnerable	2026-06-03 15:19:24.448998	Comfast CF-N1 V2 mbox-config sub_44AC4C command injection MEDIUM (6.3) A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth. The manipulation of the argument bandwidth leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2026-02-16T04:02:06.616Z Updated: 2026-02-23T10:05:26.078Z Open on db.gcve.eu Reference links https://vuldb.com/?id.346122 https://vuldb.com/?ctiid.346122 https://vuldb.com/?submit.748783 https://github.com/jinhao118/cve/blob/main/ComFast%20Router_1.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-9586`	not_vulnerable	2026-06-03 15:13:46.834378	Comfast CF-N1 webmgnt wireless_device_dissoc command injection MEDIUM (6.3) A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. Published: 2025-08-28T21:02:05.469Z Updated: 2025-08-29T13:29:07.586Z Open on db.gcve.eu Reference links https://vuldb.com/?id.321699 https://vuldb.com/?ctiid.321699 https://vuldb.com/?submit.636137 https://github.com/ZZ2266/.github.io/blob/main/COMFAST/N1V2/wireless_device_dissoc/readme.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-9585`	not_vulnerable	2026-06-03 15:13:46.833780	Comfast CF-N1 webmgnt wifilith_delete_pic_file command injection MEDIUM (6.3) A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Published: 2025-08-28T20:32:06.368Z Updated: 2025-08-29T13:27:44.109Z Open on db.gcve.eu Reference links https://vuldb.com/?id.321698 https://vuldb.com/?ctiid.321698 https://vuldb.com/?submit.636136 https://github.com/ZZ2266/.github.io/blob/main/COMFAST/N1V2/wifilith_delete_pic_file/readme.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-9584`	not_vulnerable	2026-06-03 15:13:46.833192	Comfast CF-N1 webmgnt update_interface_png command injection MEDIUM (6.3) A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function update_interface_png of the file /usr/bin/webmgnt. The manipulation of the argument interface/display_name results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. Published: 2025-08-28T20:02:08.649Z Updated: 2025-08-28T20:13:50.031Z Open on db.gcve.eu Reference links https://vuldb.com/?id.321697 https://vuldb.com/?ctiid.321697 https://vuldb.com/?submit.636131 https://github.com/ZZ2266/.github.io/blob/main/COMFAST/N1V2/update_interface_png/readme.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-9583`	not_vulnerable	2026-06-03 15:13:46.832706	Comfast CF-N1 webmgnt ping_config command injection MEDIUM (6.3) A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Published: 2025-08-28T20:02:06.456Z Updated: 2025-08-28T20:14:55.933Z Open on db.gcve.eu Reference links https://vuldb.com/?id.321696 https://vuldb.com/?ctiid.321696 https://vuldb.com/?submit.636130 https://github.com/ZZ2266/.github.io/tree/main/COMFAST/N1V2/ping_config	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.