CVE-2025-9586
BaseFortify
Publication date: 2025-08-28
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| comfast | cf-n1_firmware | 2.6.0 |
| comfast | cf-n1 | 2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9586 is a command injection vulnerability in the Comfast CF-N1 device running firmware version 2.6.0. It affects the function wireless_device_dissoc in the /usr/bin/webmgnt executable. The vulnerability occurs because the 'mac' argument is not properly sanitized, allowing an attacker to inject arbitrary system commands remotely. This can lead to unauthorized execution of commands on the device. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to remotely execute arbitrary system commands on the affected device, potentially gaining unauthorized access or full control. This compromises the confidentiality, integrity, and availability of the system, which could lead to data breaches, device manipulation, or denial of service. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unusual command injection attempts targeting the wireless_device_dissoc function, specifically through the 'mac' parameter in the /usr/bin/webmgnt executable. Since the exploit is publicly available and remotely exploitable, network intrusion detection systems (NIDS) can be configured to look for suspicious payloads or command injection patterns in requests to the device. Additionally, checking logs for unexpected command executions or anomalies related to the wireless_device_dissoc API may help. Specific commands are not provided in the resources, but monitoring network traffic for suspicious input to the 'mac' parameter or scanning the device for unauthorized command executions is recommended. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Comfast CF-N1 device running firmware version 2.6.0 with an alternative product, as no known patches or countermeasures are currently available. Limiting network exposure of the device, restricting remote access, and monitoring for exploitation attempts are also advisable. Since the vulnerability allows remote command injection without authentication, isolating the device from untrusted networks can reduce risk until a fix is available. [2]