Primary

Context

Comfast CF-N1-S Command Injection Vulnerability in Endpoint Component

Vulnerability

A command injection vulnerability has been identified in the Comfast CF-N1-S router, specifically in the V2.6.0.1 firmware. The issue arises in the Endpoint component, within the file '/cgi-bin/mbox-config?method=SET&section=ping_config'. The vulnerability allows authenticated attackers to inject arbitrary commands through the 'destination' parameter, which are then executed on the device with the privileges of the web service. This exploitation could lead to a full compromise of the device.

Impact

Successful exploitation allows authenticated attackers to execute arbitrary commands on the device, potentially leading to a complete compromise.

Reproduction

To reproduce this vulnerability, an authenticated user must send a POST request to '/cgi-bin/mbox-config?method=SET&section=ping_config'. The request must include a crafted 'destination' parameter that contains the command to be executed. This can be done using a session cookie to maintain authentication.

Added: Apr 22, 2026, 12:17 AM

Updated: Apr 22, 2026, 12:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.6

remediation

0.0

relevance

6.0

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.6

remediation

0.0

relevance

6.0

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Comfast CF-N1-S Command Injection Vulnerability in Endpoint Component

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating