CVE-2025-9583
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-28

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-28
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-28
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9583
EUVD
EUVD-2025-28869
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
comfast cf-n1_firmware 2.6.0
comfast cf-n1 2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a command injection flaw in the Comfast CF-N1 device running firmware version 2.6.0, specifically in the ping_config function of the /usr/bin/webmgnt binary. It allows remote attackers to inject and execute arbitrary system commands by manipulating user-controlled input that is not properly sanitized. This can lead to unauthorized command execution on the device. [1, 2]

Impact Analysis

Exploiting this vulnerability can lead to unauthorized execution of system commands on the affected device, potentially resulting in access to sensitive information, full device compromise, and impacts on confidentiality, integrity, and availability of the system. Remote attackers can take control of the device without user interaction. [1, 2]

Detection Guidance

Detection of this vulnerability involves checking if the Comfast CF-N1 device is running firmware version 2.6.0 and if the ping_config function in /usr/bin/webmgnt is accessible. Since the vulnerability allows command injection via user-controlled parameters in the ping configuration API, monitoring for unusual or unauthorized command executions or network traffic targeting this API endpoint may help. However, no specific detection commands or signatures are provided in the available resources. [1, 2]

Mitigation Strategies

Immediate mitigation steps include replacing the affected Comfast CF-N1 device running firmware version 2.6.0, as no known countermeasures or mitigations currently exist. It is recommended to avoid using the vulnerable ping_config function and restrict remote access to the device to prevent exploitation. Monitoring for exploitation attempts and applying network-level protections may also help reduce risk until a fixed firmware or patch is available. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9583. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart