Comfast CF-N1 Command Injection Vulnerability in Wireless Device Dissociation Function

Vulnerability

A command injection vulnerability has been identified in firmware version 2.6.0 of the Comfast CF-N1 V2 wireless router. The flaw is in the 'wireless_device_dissoc' handler of the '/usr/bin/webmgnt' binary, which passes the 'mac' parameter into a system command without validating it. Because the value is never checked against the expected MAC address format, an attacker can append shell metacharacters and further commands to it, and those commands are executed on the device. The flaw can be exploited remotely and can lead to execution of arbitrary system commands, disclosure of sensitive information, or complete control over the device.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the device, with the potential to read sensitive files or gain full control over the router.

Reproduction

To reproduce this vulnerability, send a POST request to the '/cgi-bin/mbox-config' endpoint with the 'method' parameter set to 'SET' and the 'section' parameter set to 'wireless_device_dissoc'. Supply a crafted 'mac' parameter that carries a shell command separator followed by the command to be executed; because the value is not validated, the appended command runs on the device. The only legitimate value for this parameter is a MAC address, so a request whose 'mac' value contains anything beyond hex digits and separators is a reliable indicator of an exploitation attempt.
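The following Python is added here as an illustration; it is not code from the device firmware or from the advisory source. It shows the check the handler is missing: a strict allow-list for the 'mac' parameter, a shell-free way to build the dissociation command once the value has been validated, and a triage routine that classifies request bodies of the shape described above so the pattern can be spotted in captured traffic. The program name 'dissoc-tool' is a placeholder (the advisory does not name the command webmgnt runs), and the sample request bodies are constructed, not captured.

```python
import re
from urllib.parse import parse_qs

# A MAC address is exactly six hex octets separated by colons. Anything else
# (in particular shell metacharacters) can never be legitimate input here, so
# an allow-list regex is the whole sanitiser.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")

# Characters that make a shell run more than the one command the handler
# intended when the value is spliced into a command line.
SHELL_META = frozenset(";|&`$()<>\n\r\"'\\ ")


def is_valid_mac(mac: str) -> bool:
    """Allow-list check: accept only canonical aa:bb:cc:dd:ee:ff (any case)."""
    return MAC_RE.fullmatch(mac) is not None


def has_shell_meta(value: str) -> bool:
    """True if the value contains a character a shell would treat specially."""
    return any(ch in SHELL_META for ch in value)


def parse_mbox_body(body: str) -> dict:
    """Decode a form-encoded POST body as /cgi-bin/mbox-config would, keeping
    the first value of each parameter."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def classify_request(body: str) -> str:
    """Triage a request body aimed at the vulnerable handler.

    ignore     -> not a SET/wireless_device_dissoc request
    ok         -> mac is a well-formed address
    injection  -> mac carries shell metacharacters (the advisory's pattern)
    malformed  -> mac is not an address but carries no metacharacters
    """
    params = parse_mbox_body(body)
    if params.get("method") != "SET" or params.get("section") != "wireless_device_dissoc":
        return "ignore"
    mac = params.get("mac", "")
    if is_valid_mac(mac):
        return "ok"
    return "injection" if has_shell_meta(mac) else "malformed"


def dissoc_argv(mac: str) -> list:
    """Hardened construction of the dissociation command: validate first, then
    build an argv list so the value is a single argument and no shell parses
    it. 'dissoc-tool' is a placeholder; the advisory does not name the program
    webmgnt actually invokes. Pass the result to subprocess.run() without
    shell=True."""
    if not is_valid_mac(mac):
        raise ValueError(f"rejected mac parameter: {mac!r}")
    return ["dissoc-tool", "--mac", mac.lower()]


# Constructed request bodies (not captured traffic), percent-encoded where a
# client would have to encode them.
SAMPLE_BODIES = [
    "method=SET&section=wireless_device_dissoc&mac=aa:bb:cc:dd:ee:ff",
    "method=SET&section=wireless_device_dissoc&mac=aa:bb:cc:dd:ee:ff%3Bid",
    "method=SET&section=wireless_device_dissoc&mac=%60id%60",
    "method=SET&section=wireless_device_dissoc&mac=zz:zz",
    "method=GET&section=wireless_status",
]


def triage(bodies=SAMPLE_BODIES) -> dict:
    """Map each body to its verdict; the order of the input is preserved."""
    return {body: classify_request(body) for body in bodies}


if __name__ == "__main__":
    for body, verdict in triage().items():
        print(f"{verdict:<10} {body}")
```

The same allow-list is what a WAF rule or an IDS signature in front of the management interface should enforce: reject the request outright when 'section' is 'wireless_device_dissoc' and 'mac' does not match the regex, rather than trying to strip individual metacharacters.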

Added: Aug 28, 2025, 9:21 PM
Updated: Aug 28, 2025, 9:21 PM

Vulnerability Rating

Custom Algorithm
spread          0.0
impact          7.5
exploitability  8.7
remediation     0.0
relevance       0.4
threat          6.4
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.