PT-2025-35137 · Comfast · Comfast Cf-N1

N0Ps1Ed · Published 2025-08-28 · Updated 2025-08-28 · CVE-2025-9585

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Comfast CF-N1 version 2.6.0

Description: A vulnerability exists in Comfast CF-N1 version 2.6.0 due to command injection. Manipulation of the portal delete picname argument within the wifilith delete pic file function, located in the /usr/bin/webmgnt file, allows for remote execution of commands. The exploit for this issue has been publicly disclosed.

Recommendations: Update to a newer version of Comfast CF-N1 that addresses this issue. As a temporary workaround, restrict access to the /usr/bin/webmgnt file. Avoid using the portal delete picname parameter in the wifilith delete pic file function until the issue is resolved.

Weakness Enumeration: Special Elements Injection, Command Injection

Related Identifiers: CVE-2025-9585

Affected Products: Comfast Cf-N1