CVE-2025-9586
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-28

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available and might be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-28
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-28
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9586
EUVD
EUVD-2025-26145
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
comfast cf-n1_firmware 2.6.0
comfast cf-n1 2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9586 is a command injection vulnerability in the Comfast CF-N1 device running firmware version 2.6.0. It affects the function wireless_device_dissoc in the /usr/bin/webmgnt executable. The vulnerability occurs because the 'mac' argument is not properly sanitized, allowing an attacker to inject arbitrary system commands remotely. This can lead to unauthorized execution of commands on the device. [1, 2]

Impact Analysis

This vulnerability can impact you by allowing attackers to remotely execute arbitrary system commands on the affected device, potentially gaining unauthorized access or full control. This compromises the confidentiality, integrity, and availability of the system, which could lead to data breaches, device manipulation, or denial of service. [1, 2]

Detection Guidance

Detection of this vulnerability involves monitoring for unusual command injection attempts targeting the wireless_device_dissoc function, specifically through the 'mac' parameter in the /usr/bin/webmgnt executable. Since the exploit is publicly available and remotely exploitable, network intrusion detection systems (NIDS) can be configured to look for suspicious payloads or command injection patterns in requests to the device. Additionally, checking logs for unexpected command executions or anomalies related to the wireless_device_dissoc API may help. Specific commands are not provided in the resources, but monitoring network traffic for suspicious input to the 'mac' parameter or scanning the device for unauthorized command executions is recommended. [1, 2]

Mitigation Strategies

Immediate mitigation steps include replacing the affected Comfast CF-N1 device running firmware version 2.6.0 with an alternative product, as no known patches or countermeasures are currently available. Limiting network exposure of the device, restricting remote access, and monitoring for exploitation attempts are also advisable. Since the vulnerability allows remote command injection without authentication, isolating the device from untrusted networks can reduce risk until a fix is available. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9586. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart