Comfast CF-N1 Command Injection Vulnerability in Web Management Interface
Vulnerability
A command injection vulnerability has been identified in the Comfast CF-N1 V2 router, specifically in the 2.6.0 firmware version. The issue arises in the web management interface, within the 'wifilith_delete_pic_file' function. This vulnerability allows remote attackers to inject arbitrary commands through the 'portal_delete_picname' parameter. The injected commands are executed on the system, which could lead to unauthorized command execution, access to sensitive files, or complete control over the device.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the device, with potential access to sensitive files or complete system compromise.
Reproduction
To reproduce this vulnerability, send a POST request to the '/cgi-bin/mbox-config' endpoint with the 'method' set to 'SET' and the 'section' set to 'wifilith_delete_pic_file'. Include the 'portal_delete_picname' parameter in the request body, injecting a command such as 'echo delete > /www-comfast/test.txt #'. This command will be executed on the device, demonstrating the command injection vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.